OSQUERY Installation - Let's Deploy a Host Intrusion Detection System
Science & Technology
Join me as we install osquery and turn your OS into a database, then deploy a Host Intrusion Detection System and SIEM with free, open-source tools. Let's explore and learn together.
Github Repo: github.com/OpenSecureCo/Demos...
Defend with us on Slack: bit.ly/2Pi1byt
Check us out: www.opensecure.co/
Interact with our demo: www.opensecure.co/demo
Hire us: www.opensecure.co/contact-us
Comments: 5
Loved it! I have a question though: is there any way we can kill the process whose binary isn't on the disk using osquery itself? Can we do that, or do we need an extra hand for incident response (via Wazuh's active response, let's say)?
@taylorwalton_socfortress
3 years ago
Hey Rahul, yes, the best way to kill the process would be to write a bash script that kills the process ID observed in the osquery alert, and then use active response to call that script when that osquery alert is triggered. Unfortunately I have not tried that myself, but in theory it should be possible. That's the power of open source! Thanks for watching!
FYI: for exiting the CLI in a cleaner fashion, use .exit. Otherwise, the video is great.
@taylorwalton_socfortress
2 years ago
Noted and thanks for watching!
Awesome