Using osquery via Fleet for Client/Server visibility
Using several tools and open source platforms to increase visibility over your fleet of machines.
Presented by:
CPE @ Slack
Fleet visibility with osquery and other f/oss tools
This will be a beginner level talk.
- This will focus more on a practical application
- A high-level view of the tools and their integration
- i.e., this is how a functioning ecosystem could work, not heavy into one tool or another
- Fleet endpoints will be inclusive of Linux, Windows, and macOS
Planned outline:
- A brief overview of Facebook's osquery
- The idea of Fleet, a distribution point for osquery
- Setting up and querying fleet machines (Fleet)
- Using a syslog server for analysis and reporting (Graylog)
- Date: 2018 April 29 - 03:45
- Duration: 45 min
- Room: CC-235
- Conference: LinuxFest Northwest 2018
- Language:
- Track: Infrastructure
- Difficulty: Easy