Intrusion detection on Linux and OS X with osquery (https://osquery.io)

Presented at BruCON 0x07 (2015), Oct. 9, 2015, 2 p.m. (120 minutes)

Osquery is an instrumentation framework for OS X and Linux. It exposes low-level operating system information as virtual SQL “tables” and queries can be grouped in “packs”. In this workshop participants will learn on how Facebook uses osquery for incident response and intrusion detection by analyzing a compromised Linux VM.

Presenters:

• Ted Reed
• Javier Marcos

Links:

• https://brucon0x072015.sched.com/event/4LH8/intrusion-detection-on-linux-and-os-x-with-osquery-httpsosqueryio
• https://brucon0x072015.sched.com/event/4LOz/intrusion-detection-on-linux-and-os-x-with-osquery-httpsosqueryio

Similar Presentations:

• LocoMocoSec 2018 / Starting, growing, and scaling your host intrusion detection efforts
• BSidesSF 2019 / Monitoring Minimum Viable Security via osquery on Mac, Windows, Linux, and Containers Workshop
• BruCON 0x08 (2016) / Hunting Malware with osquery at scale Workshop