Osquery for Security Analysis will teach you how to use Osquery to perform thorough investigations of hosts on your network. This isn't just an Osquery tutorial; it's a course designed to help you improve your host-based investigation skills using one of the best tools for the job.
Syllabus
- How to craft SQL queries to interrogate Windows, Linux, and macOS hosts
- Common queries for performing software inventory and asset control
- Strategies for interrogating processes to determine if they are malicious
- Techniques for uncovering persistence and lateral movement
- Triaging suspicious systems using high-value data tables
- Threat hunting using MITRE ATT&CK techniques
- Complete deployment of distributed Osquery across your network using FleetDM and the Elastic Stack
- How to leverage differential queries to monitor state changes and generate alerts
- Extending Osquery with extensions