Unconventional Uses for Osquery.
Facebook created osquery with certain guiding principles: don't pry into users’ data, don't change the state of the system, don't create network traffic to third parties. It was originally intended as a read-only information gatherer. For those who don't want to play by these rules, there’s the extension interface. We've begun experimenting with extensions that don’t align with mainline osquery: integrating with third-party services, writable tables, host-based firewall administration, malware vaccination, and more. We shared some of the lessons we learned about the challenges of using osquery as a control interface.
Presented at
Resources
- Announcing the Trail of Bits extension repository
- Trail of Bits osquery Extensions
- Manage Santa within osquery
- Manage your fleet's firewalls with osquery
Author
- Mike Myers