Kolide & OSQuery - How to build solid queries & packs for incident detection & threat hunting

  • Monday, 15 Oct 2018 1:00PM EDT (15 Oct 2018 17:00 UTC)
  • Speakers: Stephen Sims, Erik Van Buggenhout

OSQuery is an amazing (free!) tool that can collect a wide variety of information from your environment. In a previous webcast, we explained some OSQuery basics and demonstrated a few queries. In this next webcast, we will go a step further and introduce how Kolide can be used to manage OSQuery in an enterprise environment. We will also discuss some more advanced query development techniques, which can further enrich the collected data and provide crucial insights into your environment. OSQuery & Kolide are covered in depth in the course SEC599: Defeating Advanced Adversaries: Purple Team Tactics & Kill Chain Defenses.