
kolide / osquery-starter-kit

Licence: MIT License
A starter-kit for a source-controlled, CLI-based osquery management workflow.

Projects that are alternatives to or similar to osquery-starter-kit

Zentral
Zentral is an open-source solution for infrastructure monitoring and endpoint event stream processing. It provides built-in orchestration of macOS security components (Santa, Osquery, et al.), event correlation and event management. It consolidates its features with various data store backends (ElasticStack, Azure Log Analytics, Splunk, et al.).
Stars: ✭ 522 (+2272.73%)
Mutual labels:  osquery
Xxh
🚀 Bring your favorite shell wherever you go through SSH.
Stars: ✭ 2,559 (+11531.82%)
Mutual labels:  osquery
Osquery Go
Go bindings for osquery
Stars: ✭ 249 (+1031.82%)
Mutual labels:  osquery
Osquery Cookbook
A Chef Cookbook to install and configure osquery.
Stars: ✭ 11 (-50%)
Mutual labels:  osquery
Exposq
Go app that dispatches osquery to multi-machines
Stars: ✭ 89 (+304.55%)
Mutual labels:  osquery
Osquery Extensions
osquery extensions by Trail of Bits
Stars: ✭ 180 (+718.18%)
Mutual labels:  osquery
Hubble
Hubble is a modular, open-source security compliance framework. The project provides on-demand profile-based auditing, real-time security event notifications, alerting, and reporting. HubbleStack is a free and open source project made possible by Adobe. https://github.com/adobe
Stars: ✭ 313 (+1322.73%)
Mutual labels:  osquery
sqhunter
A simple threat hunting tool based on osquery, Salt Open and Cymon API
Stars: ✭ 64 (+190.91%)
Mutual labels:  osquery
Siac
SIAC is an enterprise SIEM built on open-source technology.
Stars: ✭ 100 (+354.55%)
Mutual labels:  osquery
Fleet
The premier osquery fleet manager.
Stars: ✭ 210 (+854.55%)
Mutual labels:  osquery
Fleet
A flexible control server for osquery fleets
Stars: ✭ 1,068 (+4754.55%)
Mutual labels:  osquery
Goquery
Provide a shell like interface by utilizing osquery's distributed API
Stars: ✭ 74 (+236.36%)
Mutual labels:  osquery
Osctrl
Fast and efficient osquery management
Stars: ✭ 183 (+731.82%)
Mutual labels:  osquery
Osquery Configuration
A repository for using osquery for incident detection and response
Stars: ✭ 618 (+2709.09%)
Mutual labels:  osquery
Detectionlab
Automate the creation of a lab environment complete with security tooling and logging best practices
Stars: ✭ 3,237 (+14613.64%)
Mutual labels:  osquery
Launcher
Osquery launcher, autoupdater, and packager
Stars: ✭ 346 (+1472.73%)
Mutual labels:  osquery
Osq Ext Bin
Extension to osquery windows that enhances it with real-time telemetry, log monitoring and other endpoint data collection
Stars: ✭ 142 (+545.45%)
Mutual labels:  osquery
osquery-node
node.js client for osquery
Stars: ✭ 32 (+45.45%)
Mutual labels:  osquery
kolide-quickstart
[DEPRECATED] A quickstart demo for Kolide tools
Stars: ✭ 52 (+136.36%)
Mutual labels:  osquery
Kube Query
[EXPERIMENTAL] Extend osquery to report on Kubernetes
Stars: ✭ 190 (+763.64%)
Mutual labels:  osquery

Osquery Starter Kit

When you're getting started with osquery, it can be difficult to figure out how to gather up as much high-quality, open-source intelligence as possible and deploy it to your fleet along with your own, custom query packs.

To help with this, Kolide Fleet supports a command-line workflow for managing osquery configuration via source-controlled, code-audited files. The fleetctl command-line tool can be used to "apply" a set of declarative configurations idempotently: applying the same files twice leaves the Fleet instance in the same state.

This lets you set up a CI workflow in which CI is the only entity permitted to update the osquery configuration, so every change to the osquery SQL you deploy passes through an appropriate level of code review. Alternatively, you may just want to run fleetctl apply yourself, while keeping a source-controlled backup of all of your configurations.

This repository aims to be a starting point for people that are looking to deploy osquery and want a code-based workflow that allows for:

  • a text-based osquery configuration experience
    • bring your favorite text editor!
  • a command-line experience for managing osquery deployment configurations
  • maximum query re-use
    • use the same query in multiple packs and labels
  • code review throughout the configuration management process
  • easy sharing of osquery intelligence with others
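As an added illustration of the CI-driven apply workflow described above, here is a POSIX shell wrapper of the kind a CI job could run before and during fleetctl apply. It is example code written for this page, not code from the osquery-starter-kit repository or from Kolide. It assumes Fleet v1 spec YAML with a top-level kind of label, query or pack, packs that reference queries by name under spec.queries[].query, and a hypothetical flat tree of .yml files; the only fleetctl invocation it makes is fleetctl apply -f. The sample tree it writes is constructed for the example and includes one deliberately broken pack.

```shell
#!/bin/sh
# Added example: CI-style wrapper around "fleetctl apply" for a source-controlled
# osquery configuration tree. Not part of osquery-starter-kit.
# Assumptions (not from the page): Fleet v1 YAML specs with "kind:" of label,
# query or pack; packs reference queries by name; flat tree layout is hypothetical.

FLEETCTL="${FLEETCTL:-fleetctl}"   # set FLEETCTL=echo for a dry run

# spec_rank FILE: labels (1) and queries (2) must exist before the packs (3)
# that reference them by name. A multi-document file is ranked by its first kind.
spec_rank() {
  case "$(awk '/^kind:/ { print $2; exit }' "$1")" in
    label) echo 1 ;;
    query) echo 2 ;;
    pack)  echo 3 ;;
    *)     echo 4 ;;
  esac
}

# apply_order FILE...: print the files in dependency order (rank, then name).
apply_order() {
  for f in "$@"; do printf '%s %s\n' "$(spec_rank "$f")" "$f"; done |
    sort -k1,1n -k2 | cut -d' ' -f2-
}

# query_names FILE...: names defined by "kind: query" documents.
query_names() {
  awk '/^kind:/ { kind = $2 }
       kind == "query" && /^  name: / { sub(/^  name: /, ""); print }' "$@"
}

# pack_refs FILE...: query names referenced from "kind: pack" documents.
pack_refs() {
  awk '/^kind:/ { kind = $2 }
       kind == "pack" && /^    - query: / { sub(/^    - query: /, ""); print }' "$@"
}

# check_pack_refs FILE...: return 1 if any pack references a query no spec
# defines, so a typo in a pack fails in CI instead of at apply time.
check_pack_refs() {
  names=$(query_names "$@" | sort -u)
  missing=0
  while IFS= read -r ref; do
    [ -n "$ref" ] || continue
    printf '%s\n' "$names" | grep -qxF -- "$ref" ||
      { echo "pack references undefined query: $ref" >&2; missing=1; }
  done <<EOF
$(pack_refs "$@" | sort -u)
EOF
  return "$missing"
}

# apply_all FILE...: validate, then apply each file in dependency order.
apply_all() {
  check_pack_refs "$@" || return 1
  apply_order "$@" | while IFS= read -r f; do
    "$FLEETCTL" apply -f "$f" || exit 1
  done
}

# make_sample_tree: write a constructed config tree to a temp dir and print
# its path. listening_ports is reused by two packs; broken-pack.yml has a typo.
make_sample_tree() {
  dir=$(mktemp -d)
  cat > "$dir/labels.yml" <<'YAML'
apiVersion: v1
kind: label
spec:
  name: macos
  query: select 1 from os_version where platform = 'darwin'
YAML
  cat > "$dir/queries.yml" <<'YAML'
---
apiVersion: v1
kind: query
spec:
  name: osquery_info
  description: Version and build of the running agent
  query: select * from osquery_info
---
apiVersion: v1
kind: query
spec:
  name: listening_ports
  description: Processes bound to network ports
  query: select pid, port, address from listening_ports
YAML
  cat > "$dir/pack-monitoring.yml" <<'YAML'
apiVersion: v1
kind: pack
spec:
  name: monitoring
  targets:
    labels:
      - macos
  queries:
    - query: osquery_info
      name: osquery_info
      interval: 3600
    - query: listening_ports
      name: listening_ports
      interval: 600
YAML
  cat > "$dir/pack-ir.yml" <<'YAML'
apiVersion: v1
kind: pack
spec:
  name: incident-response
  queries:
    - query: listening_ports
      name: listening_ports
      interval: 60
YAML
  cat > "$dir/broken-pack.yml" <<'YAML'
apiVersion: v1
kind: pack
spec:
  name: broken
  queries:
    - query: lsitening_ports
      name: listening_ports
      interval: 60
YAML
  echo "$dir"
}

# Set RUN_EXAMPLE=1 to apply the sample tree (use FLEETCTL=echo to dry-run).
if [ -n "${RUN_EXAMPLE:-}" ]; then
  d=$(make_sample_tree)
  apply_all "$d/labels.yml" "$d/queries.yml" "$d/pack-monitoring.yml" "$d/pack-ir.yml"
fi
```

In a CI job the validation step runs on every pull request and the apply step only on the main branch with the CI runner's fleetctl context, which is how the "CI is the only entity that can update osquery configuration" property is enforced. The ordering rule (labels and queries before packs) is the author's assumption about name resolution, not something this page states about fleetctl.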

Requirements

To use this repo (or a repo like this), you must be using Kolide Fleet (version 2.0.0 or greater) to manage your osquery deployment and have a locally configured fleetctl binary. If your company already uses Kolide Fleet and you'd like to install the fleetctl CLI, there are a few supported options. On macOS, you can use the Homebrew package manager:

$ brew tap kolide/tap
$ brew install fleet

If you'd rather not use Homebrew or you would like to download fleetctl on another platform, you can download the latest binaries directly from the GitHub Releases page.

Once you have the fleetctl binary in your path, you must configure your local CLI context to target your remote Fleet instance:

$ fleetctl config set --address https://fleet.corp.example.com
[+] Set the address config key to "https://fleet.corp.example.com" in the "default" context

Finally, login via the CLI:

$ fleetctl login
Log in using the standard Fleet credentials.
Email: [email protected]
Password:
[+] Fleet login successful and context configured!