aquasecurity / Kube Query
Licence: apache-2.0
[EXPERIMENTAL] Extend osquery to report on Kubernetes
Stars: ✭ 190
Programming Languages
go
31211 projects - #10 most used programming language
Labels
Projects that are alternatives of or similar to Kube Query
sqhunter
A simple threat hunting tool based on osquery, Salt Open and Cymon API
Stars: ✭ 64 (-66.32%)
Mutual labels: osquery
Osquery Configuration
A repository for using osquery for incident detection and response
Stars: ✭ 618 (+225.26%)
Mutual labels: osquery
Siac
SIAC is an enterprise SIEM built on open-source technology.
Stars: ✭ 100 (-47.37%)
Mutual labels: osquery
osquery-starter-kit
A starter-kit for a source-controlled, CLI-based osquery management workflow.
Stars: ✭ 22 (-88.42%)
Mutual labels: osquery
Detectionlab
Automate the creation of a lab environment complete with security tooling and logging best practices
Stars: ✭ 3,237 (+1603.68%)
Mutual labels: osquery
Zentral
Zentral is an open-source solution for infrastructure monitoring and endpoint event stream processing. It provides build-in orchestration of macOS security components (Santa, Osquery, et-al.), event correlation and event management. It consolidates its features with various data store backends (ElasticStack, Azure Log Analytics, Splunk, et-al.).
Stars: ✭ 522 (+174.74%)
Mutual labels: osquery
Hubble
Hubble is a modular, open-source security compliance framework. The project provides on-demand profile-based auditing, real-time security event notifications, alerting, and reporting. HubbleStack is a free and open source project made possible by Adobe. https://github.com/adobe
Stars: ✭ 313 (+64.74%)
Mutual labels: osquery
Osql Experimental
A community-oriented fork of osquery with support for cmake, public CI testing, and regular releases
Stars: ✭ 62 (-67.37%)
Mutual labels: osquery
Xxh
🚀 Bring your favorite shell wherever you go through the ssh.
Stars: ✭ 2,559 (+1246.84%)
Mutual labels: osquery
kolide-quickstart
[DEPRECATED] A quickstart demo for Kolide tools
Stars: ✭ 52 (-72.63%)
Mutual labels: osquery
Osquery Cookbook
A Chef Cookbook to install and configure osquery.
Stars: ✭ 11 (-94.21%)
Mutual labels: osquery
Osq Ext Bin
Extension to osquery windows that enhances it with real-time telemetry, log monitoring and other endpoint data collection
Stars: ✭ 142 (-25.26%)
Mutual labels: osquery
Goquery
Provide a shell like interface by utilizing osquery's distributed API
Stars: ✭ 74 (-61.05%)
Mutual labels: osquery
kube-query
kube-query is an extension for osquery, letting you visualize your cluster using sql queries.
Deployment
Prerequisites
Go v1.12+
build
$ export GO111MODULE=on
$ go build kube-query.go
Running kube-query
When running kube-query, you should always pass the -kubeconfig
flag, specifying the path to your kubeconfig file.
osqueryi
When using the osqueryi tool you can easily register kube-query by passing the -socket parameter to kube-query on another process. For example:
./kube-query -socket="/path/to/osquery/socket" -kubeconfig="/path/to/kubeconfig.yml"
One way to get the path to the osquery socket is like this:
osqueryi --nodisable_extensions
osquery> select value from osquery_flags where name = 'extensions_socket';
+-----------------------------------+
| value |
+-----------------------------------+
| /Users/USERNAME/.osquery/shell.em |
+-----------------------------------+
There are many other options to automatically register extensions.
Example Queries
# query all kube-system pods
SELECT * FROM kubernetes_pods WHERE namespace="kube-system";
# query all containers created by kubernetes
SELECT * FROM kubernetes_containers;
# query all pods that runs with a privileged container
SELECT *
FROM kubernetes_containers
JOIN kubernetes_pods
ON kubernetes_containers.pod_uid=kubernetes_pods.uid
WHERE privileged="True";
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].