Extensions are a type of osquery add-on that can be loaded at runtime to provide new virtual tables. The extensions interface allows organizations to implement proprietary detection methods, or address their individual needs. Here, we use it to demonstrate other pioneering use cases of osquery. In extensions, we can add capabilities that go beyond what would be possible in osquery core.

Trail of Bits has developed extensions that provide tables that can view and manage service configurations, or that cross-check information on the host against external third-party services:

- Integrates osquery with the Duo Labs EFIgy API to determine whether the EFI firmware on your Mac fleet is up to date.
- Integrates osquery with the Santa application whitelisting solution: check DENY events and manage the whitelist/blacklist rules.
- Provides osquery with the ability to view and manage the OS-native firewall rules and the /etc/hosts file (port and host blocking).
- Provides osquery with NTFS-specific forensic information for incident responders.
- Provides osquery with the ability to list and lock Windows synchronization objects (mutants, events, semaphores).
- Provides a table that reports MDM enrollment status.
- Provides a superset of the information supplied by the default iptables table.
- Provides an event-based table that lists DNS requests performed by the endpoint.

To learn more about osquery extensions development, and why developing outside of 'core' is encouraged for demonstrating new use cases or novel functionality, view our talk (slides, video) from QueryCon 2018. If you would like to sponsor the development of an extension, please contact us.
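As an added illustration of what a runtime-loaded extension looks like (example code written for this page, not one of the Trail of Bits extensions above), the following exposes a virtual table over an /etc/hosts-style file, the same data source the firewall/hosts extension above manages. It assumes the osquery Python SDK (the `osquery` package) for registering and serving the table; the table name `hosts_file`, its column layout, the `blocked` heuristic and the sample hosts text are this example's own inventions. The parsing is kept in a plain function so the row logic can be checked without a running osqueryd.

```python
"""Minimal osquery extension exposing a `hosts_file` virtual table.

Added example, not Trail of Bits code. The row-generation logic is a plain
function; the osquery Python SDK is only needed to register and serve it.
"""
from typing import Dict, List

# Constructed sample input for offline testing, not taken from any real host.
SAMPLE_HOSTS = """\
# Static table lookup for hostnames.
127.0.0.1   localhost
::1         localhost ip6-localhost
0.0.0.0     tracker.example.net  ads.example.net   # blackholed entries
10.0.5.20   build-server.internal
"""

# Sink addresses that a hosts-file block rule points a name at (assumption
# for this example; osquery rows are string-valued, hence "1"/"0").
SINK_ADDRESSES = ("0.0.0.0", "::")


def parse_hosts(text: str) -> List[Dict[str, str]]:
    """Turn hosts(5) text into rows of {address, hostname, blocked}.

    Emits one row per (address, hostname) pair so SQL can filter on either
    column. Comments after '#' and blank lines are dropped; a line with an
    address but no hostname is malformed and skipped rather than raising.
    """
    rows: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed: address without any hostname
        address, names = fields[0], fields[1:]
        blocked = "1" if address in SINK_ADDRESSES else "0"
        for name in names:
            rows.append({"address": address, "hostname": name, "blocked": blocked})
    return rows


def rows_from_file(path: str = "/etc/hosts") -> List[Dict[str, str]]:
    """Read the live hosts file and return its rows (called by osquery)."""
    with open(path, "r", encoding="utf-8", errors="replace") as f:
        return parse_hosts(f.read())


try:
    import osquery  # osquery Python SDK; absent on a plain dev box

    @osquery.register_plugin
    class HostsFileTable(osquery.TablePlugin):
        """Registers `hosts_file` so `SELECT * FROM hosts_file` works."""

        def name(self):
            return "hosts_file"

        def columns(self):
            return [
                osquery.TableColumn(name="address", type=osquery.STRING),
                osquery.TableColumn(name="hostname", type=osquery.STRING),
                osquery.TableColumn(name="blocked", type=osquery.INTEGER),
            ]

        def generate(self, context):
            return rows_from_file()

    if __name__ == "__main__":
        # Connects to osqueryd's extension socket and serves the table.
        osquery.start_extension(name="hosts_file_example", version="0.0.1")

except ImportError:
    if __name__ == "__main__":
        # Without the SDK, just show what the table would return for the sample.
        for row in parse_hosts(SAMPLE_HOSTS):
            print(row)
```

With the SDK installed, the script can be handed to osqueryi via its `--extension` flag and then queried with, for example, `SELECT hostname FROM hosts_file WHERE blocked = 1;`. Without it, running the script prints the rows parsed from the constructed sample.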