Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/sttor/awesome-osquery

Osquery Resources
https://github.com/sttor/awesome-osquery

List: awesome-osquery

Last synced: about 1 month ago
JSON representation

Osquery Resources

Awesome Lists containing this project

README 

        
# Awesome Osquery

Curated List of osquery resources.



## Downloads

* [Official Osquery Repository](https://osquery.io/downloads/official/3.3.2)



## Blogs and Articles



#### Official Documentation

* [Documentation](https://osquery.readthedocs.io/en/latest/)



#### Starter Guide

* How to monitor your System Security with osquery - Digitalocean - [link](https://www.digitalocean.com/community/tutorials/how-to-monitor-your-system-security-with-osquery-on-ubuntu-16-04)

* Server Endpoint Security with osquery - Alibaba Cloud - [link](https://www.alibabacloud.com/blog/server-endpoint-security-with-osquery_594950)

* Osquery For Security Part 1 - [link](https://medium.com/@clong/osquery-for-security-b66fffdf2daf)

* Osquery For Security Part 2 - [link](https://medium.com/@clong/osquery-for-security-part-2-2e03de4d3721)

* Osquery across the enterprise - [link](https://medium.com/palantir/osquery-across-the-enterprise-3c3c9d13ec55)

* Install/Setup Doorman + Osquery on Windows, MAC OSX and Linux Deployment. - [link](https://holdmybeersecurity.com/2017/08/17/installsetup-doorman-osquery-on-windows-mac-osx-and-linux-deployment/#comment-10468)



#### ELK

* Attack Monitoring Using ELK and osquery - [link](http://www.prajalkulkarni.com/2016/05/attack-monitoring-using-elk-outofband.html)

* Elk + Osquery + Kolide Fleet = Love  - [link](https://jordanpotti.com/2018/02/16/elk-osquery-kolide-fleet-love/)



#### Remote Forensics & Threat Hunting

* Using osquery for remote forensics - TrailofBits- [link](https://blog.trailofbits.com/2019/05/31/using-osquery-for-remote-forensics/)

* Introduction to osquery for Threat Detection and DFIR - Rapid7 - [link](https://blog.rapid7.com/2016/05/09/introduction-to-osquery-for-threat-detection-dfir/)

* Threat Hunting with Kolide and osquery - [link](https://resources.infosecinstitute.com/category/enterprise/threat-hunting/threat-hunting-solutions/how-to-build-a-threat-hunting-tool-in-10-steps/threat-hunting-with-kolide-and-osquery/#gref)



#### Malware Analysis

* Malware Analysis using Osquery | Part 1 - [link](https://hackernoon.com/malware-analysis-using-osquery-part-1-78f5f617cc19)

* Malware Analysis using Osquery | Part 2 - [link](https://hackernoon.com/malware-analysis-using-osquery-part-2-69f08ec2ecec)

* Malware Analysis using Osquery | Part 2 - [link](https://hackernoon.com/malware-analysis-using-osquery-part-3-9dc805b67d16)

* MAC Malware Analysis using Osquery - Uptycs - [link](https://www.uptycs.com/blog/malware-analysis-using-osquery)

* Malware Hunting made easy with osquery and extensions [link](https://medium.com/@atul_15222/malware-hunting-made-easy-with-osquery-and-extensions-64361abac667)

* Detecting Malicious downloads with osquery, rsyslog, kafka, python3 and virustotal. - [link](https://holdmybeersecurity.com/2019/04/25/detecting-malicious-downloads-with-osquery-rsyslog-kafka-python3-and-virustotal/)



### MITRE ATT&CK

* [ATT&CK+osquery = love](https://www.carbonblack.com/2018/10/29/attck-osquery-love/)

* [Hardening defenses with MITRE ATT&CK and osquery: Lessons from Singapore Health Breach](https://www.uptycs.com/blog/hardening-defenses-with-mitre-attck-and-osquery-lessons-from-singapore-health-breach)



#### Other

* Manage Santa within osquery - TrailofBits - [link](https://blog.trailofbits.com/2018/05/29/manage-santa-within-osquery/)

* Anomaly detection using osquery - Facebook  - [link](https://es-la.facebook.com/notes/protect-the-graph/anomaly-detection-using-osquery/1532788613627951/)

* Logging Osquery with rsyslog - [link](https://holdmybeersecurity.com/2019/03/29/logging-osquery-with-rsyslog-v8-love-at-first-sight/)

* Deploying osquery at scale - Uptycs - [link](https://www.uptycs.com/blog/deploying-osquery-at-scale-a-comprehensive-list-of-open-source-tools)

* Building and effective EDR with osquery [link](https://medium.com/@atul_15222/building-an-effective-edr-f8b1b037d6da)

* Adobe's Hubble and Osquery - [link](https://blogs.adobe.com/security/2017/12/introducing-hubblestack.html)

* How are teams currently using osquery -[link](https://blog.trailofbits.com/2017/11/09/how-are-teams-currently-using-osquery/)

* Osquery Cheat Sheet – Process Interrogation & Persistence Techniques - [link](https://defensivedepth.com/2018/10/10/osquery-cheat-sheet-process-interrogation-persistence-techniques/)



## Courseware

* Free - Osquery training by Uptycs - [link](https://www.uptycs.com/free-osquery-training-intro-to-osquery)

* Paid - Osquery for Security Analysis - [link](https://www.networkdefense.io/library/osquery-for-security-analysis/71832/about/)



## Repository 

* A repository for using osquery for incident detection and response. [osquery-configuration](https://github.com/palantir/osquery-configuration)

* Python Binding for osquery [osquery-python](https://github.com/osquery/osquery-python)

* Go Binding for osquery [osquery-go](https://github.com/kolide/osquery-go)

* Mapping the MITRE ATT&CK Matrix with Osquery [osquery-attck](https://github.com/teoseller/osquery-attck)



## Opensource Fleet Manager

* [Doorman](https://github.com/mwielgoszewski/doorman)

* [Kolide Fleet](https://github.com/kolide/fleet)

* [Zentral](https://github.com/zentralopensource/zentral/wiki)

* [Okta - SGT: OSQuery Management Server Built Entirely on AWS!](https://github.com/OktaSecurityLabs/sgt)



## Commercial Fleet Manager

* [Kolide](https://kolide.com/)

* [Sttor](https://sttor.com)

* [Uptycs](https://www.uptycs.com/)

* [Zercurity](https://www.zercurity.com/)