Post-mortem on deploying osquery, Kolide, and writing to kinesis

Presented at BSides Austin 2018, March 9, 2018, 2:30 p.m. (60 minutes).

osquery is an open-source endpoint solution that is gaining a lot of traction. In this talk, we want to share our experience deploying osquery to a fleet of over 35,000 endpoints. In addition, we discuss the trials and tribulations of managing that deployment, getting Kolide (endpoint management) up and running, as well as writing all of this great data to an AWS Kinesis stream.


Presenters:

  • Christian Burrows
    Christian Burrows is a dude from Austin, TX and is Sr. Security Intelligence for Atlassian. Philip Mire has a much better and cooler background but is also Sr. Security Intelligence with Atlassian.
  • Philip Mire - Atlassian
    Philip Mire graduated with a B.S., Computer Science from Texas A&M University-Kingsville in 1995. He has since worked in the Information Security field with several Fortune 500 companies including Motorola, Dell Computers, Visa, and American Funds. Philip currently works for Atlassian Corporation PLC, an enterprise software company that develops products for software developers, project managers, and content management. Philip holds the following Information Security Credentials: CISSP, GCIH, GCWN, GCIA, GCED, OSCP, & GCFA. Philip is the author of U.S. Patent 7499551-B1 published in 1999 with Dell Computers covering Public Key Infrastructure Technology.
