Many security teams use osquery to augment their security, compliance, and operations programs. It’s a powerful tool that puts a search box on your hosts and is pivotal for investigations, threat hunting, and continuous monitoring of your environments. But implementing osquery can be cumbersome: it takes significant effort to deploy and manage at scale.
This webcast introduces Osquery Manager, a new integration for Elastic Agent that makes it easier to operationalize osquery. Elastic Agent provides a single installer for data collection and endpoint protection. With just a few clicks, you can install osquery across your hosts and your security team can begin running live queries, scheduling recurring queries, and exploring osquery data that’s ingested in Elasticsearch and available in Kibana.
We will also walk through some specific examples from Elastic’s own InfoSec team that show how they use osquery to monitor and investigate issues within Kibana.