OSQUERY Installation - Let's Deploy a Host Intrusion Detection System

6,958 views

Taylor Walton

A day ago

Join me as we install OSQUERY. Turn your OS into a database! Let's deploy a Host Intrusion Detection System and SIEM with free open source tools. Join me as we explore and learn together.
Github Repo: github.com/Ope...
Defend with us on Slack: bit.ly/2Pi1byt
Check us out: www.opensecure...
Interact with our demo: www.opensecure...
Hire us: www.opensecure...

Comments: 5
@rahulshah1559 3 years ago
Loved it! I have a question though: is there any way we can kill the process whose binary isn't on the disk using osquery itself? Can we do that? Or do we need an extra hand for incident response (via Wazuh's active response, let's say)?
@taylorwalton_socfortress 3 years ago
Hey Rahul, yes the best way to kill the process would be to write a bash script to kill the process ID that was observed with the osquery alert and then use active response to call that script when that osquery alert is triggered. Unfortunately I have not tried that myself but in theory it should be possible. That's the power of OpenSource! Thanks for watching!
@binodbj4743 2 years ago
Awesome
@elatedmaniac 3 years ago
FYI: For exiting the CLI in a cleaner fashion, use .exit. Otherwise, the video is great.
@taylorwalton_socfortress 3 years ago
Noted and thanks for watching!