Kolide & OSQuery - How to build solid queries & packs for incident detection & threat hunting

  • Webcast Aired Monday, October 15, 2018 at 1:00 pm EDT (2018-10-15 17:00:00 UTC)
  • Speakers: Stephen Sims, Erik Van Buggenhout

OSQuery is an amazing (free!) tool that can collect a wide variety of information from your environment. In a previous webcast, we explained some OSQuery basics and demonstrated a few queries. In this next webcast, we go a step further and show how Kolide can be used to manage OSQuery in an enterprise environment. We will also discuss some more advanced query development techniques, which can further enrich the collected data and provide crucial insights into your environment. OSQuery & Kolide are covered in depth during the course SEC599: Defeating Advanced Adversaries: Purple Team Tactics & Kill Chain Defenses.