*** This is a Security Bloggers Network syndicated blog from Uptycs Blog authored by Harry Hayward.

Running osquery

To start a standalone osquery use: osqueryi. This does not need an osquery server or service.

This, fundamentally, can help you see why osquery is a handy utility right out of the box, but the real value of the instrumentation agent is discovered when the data it can access is gathered and analyzed at scale, across an entire enterprise. When you look at developing a solution like this, osquery is a key part, but the entire system is not possible without additional components handling the transport, aggregation, storage, and presentation of all the rich data that osquery can provide. In some cases this could mean introducing a commercial offering, but in this post we’re going to outline how to make osquery work using supplementary open-source tools. This list is by no means exhaustive, but we’ve distilled it down to some of the most commonly used tools for building an osquery ecosystem. We’ve split them into six respective functions: endpoint configuration, endpoint inspection, endpoint management, data transport, data storage, and data visualization. Combining one tool from each of these functional areas will be a Do-It-Yourself starting point for deploying osquery at scale.

Endpoint Configuration/Deployment: How will you efficiently and seamlessly deliver osquery to the endpoint?

Chef, Ansible, and Puppet: while each of (Read more.)

Ansible® is an open source IT automation tool that automates provisioning, configuration management, application deployment, orchestration, and many other manual IT processes. Unlike more simplistic management tools, Ansible users (like system administrators, developers and architects) can use Ansible automation to install software, automate. Ansible’s main goals are simplicity and ease-of-use. This module is part of ansible-core and included in all Ansible installations. In most cases, you can use the short module name user even without specifying the collections: keyword. However, we recommend you use the FQCN for easy linking to the module documentation and to avoid conflicting with other collections that may have the same module name. Some third-party software exposes metrics in the Prometheus format, so no separate exporters are needed: Ansible Tower (