sroberts / responding-at-scale-with-osquery

License: GPL-3.0
Using osquery for Mass Incident Detection & Response

Responding @ Scale: Using osquery for Mass Incident Detection & Response - A Talk at SANS DFIR Summit 2016

Directions

  1. Open slides.html while connected to the Internet.
  2. ???
  3. Profit!

Referenced Projects

Facebook's osquery

Blackfists' Windmill

CFP

Talk Title

Responding @ Scale: Using osquery for Mass Incident Detection & Response

Abstract

One of the most exciting aspects of open source is when companies release internal projects to the community. In many cases these projects represent high end software that would cost tens of thousands from a commercial vendor.

Facebook released their osquery host instrumentation framework in October 2014 as an open source project and the community and companies have jumped on it. It's not as simple as downloading and installing though; osquery is a framework for building robust host monitoring. We have each taken time to deploy osquery in our respective environments, on a variety of hosts, and want to share our experiences. We'll discuss deployment, configuration, integration, and ongoing management. We'll discuss other projects that (management speak) synergize well with osquery, helping you build a comprehensive host monitoring system.

Personal Bios

Kevin Thompson is a Senior Incident Responder at Heroku or as he likes to call himself, a NextGen Cyber Fusion Analyst. Heroku has thousands and thousands of servers so searching for indicators and correlating data can’t be a manual process. Prior to working at Heroku, he was a security data scientist (data alchemist) at Verizon where he co-authored the Data Breach Investigations Report and is one of the core developers behind the VERIS Community Database. Kevin is also a college professor teaching computer security and web programming to the next generation of people that will probably store passwords with ROT13 encryption.

Scott J Roberts works for GitHub and makes up his title every time he’s asked, so we’ll say he’s the Director of Bad Guy Catching. He has worked for 900lbs security gorillas, government security giants & boutiques, and financial services security firms and done his best to track down bad guys at all these places. He’s released and contributed to multiple tools for threat intelligence and malware analysis. Scott is also really good at speaking in the 3rd person.

Contact information (for all presenters): name, website, phone number, email, twitter

Removed because creepers.

Where/when presented previously

This presentation was originally given in a longer form at the amazing BSidesDFW 2015 in Dallas, Texas. We've since learned a lot about what works and what doesn't with osquery, and what it takes to get started effectively.