What is your commitment to open source stewardship?

- When a feature is free and open source we won't move that feature to a paid tier. Features might be removed from the open source codebase in other cases, for example when combining features from multiple tiers into one new feature.
- The majority of new capabilities added to Fleet will benefit all users, not just customers.
- We won't introduce features into the open source codebase with a fixed delay; if a feature is planned to land in both, it will be released simultaneously in both.
- We will always release and open source all tests that we have for any open source feature.
- The free version of Fleet is enterprise ready.
- The open source codebase will not contain any artificial limits on the number of hosts, users, size, or performance.
- The majority of new features contributed by Fleet Device Management Inc will be open source.
- The product will be available for download without leaving an email address or logging in.
- We will always allow you to benchmark the performance of Fleet. (Fleet also load tests the platform before every release, with increasingly ambitious targets. The scale of realtime reporting supported by Fleet has increased 5,000% since 2019. Today, Fleet deployments support 500,000 devices, and counting. The company is committed to driving this number to 1M+, and beyond.)

Originally developed by Facebook, osquery is a well-supported and documented tool. It has straightforward installation steps for a variety of operating systems and Linux distributions. In this tutorial, we will focus on installation on Ubuntu from the official repository. If you are using Fedora or other Linux distros, the initial steps are well documented.

These steps can be used on Debian or Ubuntu based systems. They add the apt repository to the system and install the package. The regular system level apt upgrade will upgrade the package as required in the future.

```shell
~$ sudo apt-key adv --keyserver hkp://:80 --recv-keys $OSQUERY_KEY
~$ sudo add-apt-repository 'deb deb main'
```

Following this installation the /etc/osquery location will be created for configuration files, but these will not be populated at this stage.

Interactive Shell for Immediate Testing (osqueryi)

Before doing any configuration, we can load the interactive shell to perform test queries. Using SQL queries (SQLite is the basis for the SQL syntax), we can query tables to gather information about the operating system. In the query below, we get a list of users (the output has been snipped).

| uid | gid | uid_signed | gid_signed | username | description | directory | shell | uuid |
|-----|-----|------------|------------|----------|-------------|-----------|-------|------|
| 1 | 1 | 1 | 1 | daemon | daemon | /usr/sbin | /usr/sbin/nologin | |
| 2 | 2 | 2 | 2 | bin | bin | /bin | /usr/sbin/nologin | |
| 998 | 100 | 998 | 100 | lxd | | /var/snap/lxd/common/lxd | /bin/false | |

Another example, this time with fields selected and a LIMIT:

```
osquery> select uid, username, directory from users LIMIT 5
```

Further queries, with the purpose of each where it was given:

| Purpose | Query |
|---------|-------|
| Get operating system type, version and architecture | |
| Get hostname, CPU and memory details from the system_info table | `SELECT hostname, cpu_brand, cpu_physical_cores, cpu_logical_cores, physical_memory FROM system_info` |
| List installed Debian packages matching a name | `SELECT * FROM deb_packages WHERE name LIKE 'python3%'` |
| Execute curl and report time / HTTP response code | `SELECT url, round_trip_time, response_code FROM curl WHERE url = ''` |
| Get the MD5 of a file from the hash table | `SELECT md5 FROM hash WHERE path = '/etc/passwd'` |
| Get file metadata from the file table | `SELECT * FROM file WHERE path = '/etc/passwd'` |
| Show usb, hard drive changes and other hardware state changes | |
| Retrieve commands from the process event table that match a filter (audit events) | `SELECT * FROM process_events WHERE cmd_line LIKE 'nmap%'` |
| Show open socket / network connections similar to netstat | |
| Retrieve certificate information using curl and dump JSON output to the shell | `osqueryi --json "SELECT * FROM curl_certificate WHERE hostname = ':443'"` |
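As an added example (not code from the tutorial above), a small Python helper that runs a one-off `osqueryi --json` query, parses the JSON array osqueryi prints, and audits the `users` table for accounts whose shell permits an interactive login. It assumes `osqueryi` is on PATH; the sample output embedded in the block is constructed to match the shape osqueryi emits, not real host data.

```python
import json
import subprocess
from typing import Dict, List

# Shells that mark an account as non-interactive on Debian/Ubuntu hosts.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", "/bin/sync"}

USERS_SQL = "SELECT uid, username, directory, shell FROM users"


def parse_osqueryi_json(text: str) -> List[Dict[str, str]]:
    """Parse the JSON array that `osqueryi --json` prints. osquery returns
    every column value as a string and an empty result set as `[]`."""
    text = text.strip()
    if not text:
        return []
    rows = json.loads(text)
    if not isinstance(rows, list):
        raise ValueError("unexpected osqueryi output (expected a JSON array)")
    return rows


def run_query(sql: str) -> List[Dict[str, str]]:
    """Run a one-off query through osqueryi (assumed to be on PATH) and
    return the rows. Not exercised offline; see the constructed sample below."""
    proc = subprocess.run(["osqueryi", "--json", sql],
                          capture_output=True, text=True, check=True)
    return parse_osqueryi_json(proc.stdout)


def login_capable_users(rows: List[Dict[str, str]]) -> List[str]:
    """Return usernames whose shell allows an interactive login, ordered by uid,
    so an unexpected account stands out against a known baseline."""
    hits = [r for r in rows if r.get("shell") not in NOLOGIN_SHELLS]
    return [r["username"] for r in sorted(hits, key=lambda r: int(r["uid"]))]


# Constructed sample in the shape osqueryi emits (not real host data).
SAMPLE_OUTPUT = """[
  {"directory":"/root","shell":"/bin/bash","uid":"0","username":"root"},
  {"directory":"/usr/sbin","shell":"/usr/sbin/nologin","uid":"1","username":"daemon"},
  {"directory":"/bin","shell":"/usr/sbin/nologin","uid":"2","username":"bin"},
  {"directory":"/var/snap/lxd/common/lxd","shell":"/bin/false","uid":"998","username":"lxd"},
  {"directory":"/home/deploy","shell":"/bin/sh","uid":"1001","username":"deploy"}
]"""

if __name__ == "__main__":
    # Replace SAMPLE_OUTPUT with run_query(USERS_SQL) to audit a live host.
    for name in login_capable_users(parse_osqueryi_json(SAMPLE_OUTPUT)):
        print(name)
```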