Verifying Security Assumptions and Threat Hunting via osquery

  • Thursday, 24 Feb 2022 10:30AM EST (24 Feb 2022 15:30 UTC)
  • Speakers: Matt Bromiley, Mike McNeil

Getting multiple endpoint solutions to report consistent data that can be compared across platforms is far more difficult than it should be. Fortunately, osquery is a powerful open source utility that lets you ask real-time, low-level questions about the state of your endpoints. Organizations use it every day to supercharge their security because it provides incredible visibility into their devices, lets them query device health and status on a schedule, and feeds the results to a SIEM or data platform.

But to harness the true power of osquery, organizations need a powerful management tool.

In this First Look webcast, SANS Analyst Matt Bromiley talks with Mike McNeil, CEO, about Fleet, an osquery management platform designed to provide definitive, real-time answers about the state of your devices and make the power of osquery more accessible to both security teams and administrators.

Specifically, Bromiley and McNeil will discuss the following key topics:

  • Using osquery and Fleet to access vital data about device state, including software inventory, configurations, online users, and applicable CVEs
  • Creating custom reports or fine-tuning visibility in response to an ad-hoc security question, whatever the operating system
  • Searching for threat characteristics and indicators of compromise (IoCs) using simple SQL queries
  • Validating secure configurations and the percentage of total installs performed when using MDM and software management tools

Click the Get Registered button for this webcast today and be among the first to receive the associated First Look.