emirozer / Exposq

Licence: mit
Go app that dispatches osquery to multi-machines

Projects that are alternatives of or similar to Exposq

Osctrl
Fast and efficient osquery management
Stars: ✭ 183 (+105.62%)
Mutual labels:  osquery
osquery-starter-kit
A starter-kit for a source-controlled, CLI-based osquery management workflow.
Stars: ✭ 22 (-75.28%)
Mutual labels:  osquery
Osquery Configuration
A repository for using osquery for incident detection and response
Stars: ✭ 618 (+594.38%)
Mutual labels:  osquery
Fleet
The premier osquery fleet manager.
Stars: ✭ 210 (+135.96%)
Mutual labels:  osquery
sqhunter
A simple threat hunting tool based on osquery, Salt Open and Cymon API
Stars: ✭ 64 (-28.09%)
Mutual labels:  osquery
Detectionlabelk
DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
Stars: ✭ 273 (+206.74%)
Mutual labels:  osquery
Osq Ext Bin
Extension to osquery windows that enhances it with real-time telemetry, log monitoring and other endpoint data collection
Stars: ✭ 142 (+59.55%)
Mutual labels:  osquery
Osql Experimental
A community-oriented fork of osquery with support for cmake, public CI testing, and regular releases
Stars: ✭ 62 (-30.34%)
Mutual labels:  osquery
osquery-node
node.js client for osquery
Stars: ✭ 32 (-64.04%)
Mutual labels:  osquery
Zentral
Zentral is an open-source solution for infrastructure monitoring and endpoint event stream processing. It provides built-in orchestration of macOS security components (Santa, Osquery, et al.), event correlation and event management. It consolidates its features with various data store backends (ElasticStack, Azure Log Analytics, Splunk, et al.).
Stars: ✭ 522 (+486.52%)
Mutual labels:  osquery
Osquery Go
Go bindings for osquery
Stars: ✭ 249 (+179.78%)
Mutual labels:  osquery
kolide-quickstart
[DEPRECATED] A quickstart demo for Kolide tools
Stars: ✭ 52 (-41.57%)
Mutual labels:  osquery
Hubble
Hubble is a modular, open-source security compliance framework. The project provides on-demand profile-based auditing, real-time security event notifications, alerting, and reporting. HubbleStack is a free and open source project made possible by Adobe. https://github.com/adobe
Stars: ✭ 313 (+251.69%)
Mutual labels:  osquery
Kube Query
[EXPERIMENTAL] Extend osquery to report on Kubernetes
Stars: ✭ 190 (+113.48%)
Mutual labels:  osquery
Osquery Cookbook
A Chef Cookbook to install and configure osquery.
Stars: ✭ 11 (-87.64%)
Mutual labels:  osquery
Osquery Extensions
osquery extensions by Trail of Bits
Stars: ✭ 180 (+102.25%)
Mutual labels:  osquery
rhq
Recon Hunt Queries
Stars: ✭ 66 (-25.84%)
Mutual labels:  osquery
Goquery
Provide a shell like interface by utilizing osquery's distributed API
Stars: ✭ 74 (-16.85%)
Mutual labels:  osquery
Fleet
A flexible control server for osquery fleets
Stars: ✭ 1,068 (+1100%)
Mutual labels:  osquery
Launcher
Osquery launcher, autoupdater, and packager
Stars: ✭ 346 (+288.76%)
Mutual labels:  osquery


This is a tiny app I made that you run locally on your workstation; it dispatches osquery queries to the machines under your command. The commands are listed on the main root route of the app, so you don't need to dig deep. I really like the osquery project; if you have never checked it out, you should probably take a look.

Requirement

The only requirement is that your target machines have osquery installed on them; that's it.

Install

Standard Procedure

go get github.com/emirozer/exposq

Let's assume you are going to run exposq from your home directory (/home/user/). After running the command above, you need to create a file called targets.json in /home/user/.

Important note: exposq expects a private key, and you can give a key file specific to a target. Example formatting of the targets.json file:

{
    "targets": [
        {
            "user": "user",
            "ip": "ip",
            "key": "key file"
        },
        {
            "user": "user",
            "ip": "ip"
        }
    ],
    "key": "global key file"
}
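
An added example, not code from exposq: a Go check that loads a targets.json of the shape above and reports which key file each target ends up with, so a typo or a missing key is caught before anything connects. The fallback from a missing per-target "key" to the top-level "key", the requirement that "ip" be a bare IP address, and the sample user, addresses and key paths are assumptions.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net"
)

// Target is one entry of "targets"; its Key is optional. Field names follow the page.
type Target struct{ User, IP, Key string }

type Config struct {
	Targets []Target
	Key     string // global key file
}

// ResolveTargets parses targets.json content and fills in the key file each
// target will use. Assumption: a target without "key" uses the global "key".
func ResolveTargets(data []byte) ([]Target, error) {
	dec := json.NewDecoder(bytes.NewReader(data))
	dec.DisallowUnknownFields() // a misspelled field is an error, not a silent fallback
	var cfg Config
	if err := dec.Decode(&cfg); err != nil {
		return nil, fmt.Errorf("targets.json: %w", err)
	}
	for i := range cfg.Targets {
		t := &cfg.Targets[i]
		if t.User == "" || net.ParseIP(t.IP) == nil {
			return nil, fmt.Errorf("target %d: need a user and a valid ip", i)
		}
		if t.Key == "" {
			t.Key = cfg.Key // no per-target key: use the global one
		}
		if t.Key == "" {
			return nil, fmt.Errorf("target %d (%s): no key file set", i, t.IP)
		}
	}
	return cfg.Targets, nil
}

// Constructed sample input; user, addresses and key paths are placeholders.
const sample = `{"targets": [
  {"user": "ops", "ip": "192.0.2.10", "key": "/home/user/.ssh/web_key"},
  {"user": "ops", "ip": "192.0.2.11"}], "key": "/home/user/.ssh/fleet_key"}`

func main() {
	targets, err := ResolveTargets([]byte(sample))
	fmt.Println(targets, err)
}
```

Go's encoding/json rejects trailing commas and unquoted names, so a file in that style fails at the decode step with a parse error.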

Usage

After that just run:

$>exposq

Open your browser and go to:

localhost:3000

The main route will show you which queries you can dispatch.

Examples:

Check if any of your machines are being used as a relay.

Check if any of your machines are a victim of MITM.

Check the uptime of your machines.
