OSQUERY Installation - Let's Deploy a Host Intrusion Detection System

6,967 views

Taylor Walton

1 day ago

Comments: 5

@rahulshah1559 3 years ago
Loved it! I have a question though; is there any way so that we can kill the process whose binary isn't on the disk using osquery itself? Can we do that? Or do we need an extra hand for incident response (via Wazuh's active response, let's say)?
@taylorwalton_socfortress 3 years ago
Hey Rahul, yes, the best way to kill the process would be to write a bash script to kill the process ID that was observed with the osquery alert and then use active response to call that script when that osquery alert is triggered. Unfortunately I have not tried that myself, but in theory it should be possible. That's the power of open source! Thanks for watching!
@elatedmaniac 3 years ago
FYI: For exiting the CLI in a cleaner fashion, use .exit. Otherwise, the video is great.
@taylorwalton_socfortress 3 years ago
Noted and thanks for watching!
@binodbj4743 2 years ago
Awesome