lohaav.blogg.se

Osquery slack

Osquery has become a popular tool for endpoint-based security analytics. The user community is thriving and vibrant, as reflected in the GitHub security showcase and osquery Slack channel activity. Many organizations, large and small, use it for a wide variety of use cases. There are anecdotal references to organizations such as Facebook, Google and others using it at very large scale to get security visibility. While there are no published accounts of the actual number of osquery-based endpoints in production, it is arguably one of the most widely deployed universal agents out there.

Its universality and appeal stem from its open source roots, portability across Linux, Windows and macOS, standardized SQL interface to access telemetry, and performant behavior. The lightweight osquery agent can act as a sensor to stream telemetry for real-time analytics or act as an agent for interpreting ad-hoc questions and providing responses. All of these characteristics have made it a foundational tool for visibility across many IT organizations. Since its debut a few years ago, there has been widespread deployment and many organizations contributing back to the osquery code base, yet relatively little has been covered about the operational use cases of osquery, and especially about osquery deployments at scale.










