+ All Categories

Home > Documents > Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok {...

Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok {...

Date post:	22-Jul-2020
Category:	Documents
Upload:	others
View:	1 times
Download:	0 times

Download Report this document

Share this document with a friend

Embed Size (px):

33

Extending Osquery

Transcript

Page 1: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Extending Osquery

Page 2: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Why

Page 3: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

229 Tables

Page 4: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

curldocker

prometheuspython_packages

ec2_instanceskinesis/kafka loggers

Page 5: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Page 6: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

How

Page 7: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Config

Page 8: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Page 9: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Page 10: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Page 11: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Page 12: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Page 13: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Page 14: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Loggers

Page 15: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Page 16: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Page 17: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Loggers

Page 18: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Page 19: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Loggers

Page 20: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Loggers

Page 21: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Loggers

Page 22: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Tables

Page 23: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Osquery > BigQuery > DataStudio

Page 24: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Tables

Page 25: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Register Plugins in an Extension

Page 26: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Page 27: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Page 28: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Query Plugin

Page 29: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Query Plugin

Query Plugin

Page 30: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

TableConfigLogger

DistributedQuery

Page 31: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Page 32: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Page 33: Extending Osquery - QueryCon19 Vrantchan - All you can do with... · conf" ] ; ok { file.GetContent()}, nil conf file in gist %s" , p. gist ID) 2 func New() *config. Plugin { plugin

Recommended

Easyazon plugin - Easyazon plugin review, Easyazon plugin download, and use

Gist Spring14 web

GIST RESEARCHERgist.edu.in/gist/wp-content/uploads/2019/03/GIST-RESEARCHER_Jul… · GIST RESEARCHER Journal of Science and Technology Vol. 3 Issue. 2 July 2015 Improvement of Power

The GIST Newsletter

DIALux4[1].0- · PDF filedialux 2 plugin. 1.X. plugin , plugin. luminaire selection Plugin plugin . home page, Intenet Explorer

GIST Cancer Research

Economy & Finance

JAVA notes gist

Getting the Gist

Gist Bacteria - Gist 2011

Gist: Putting the fun in [email protected] gist Gist: Putting the fun in function 2 “Everyone wants to be profiled or communicate their message in gist.

Robert A. Gist and Gist, Kennedy & Associates, Inc

GIST 스타트업 GIST학생 창업기업 ㈜에스오에스랩, 외부 …GIST 스타트업 GIST학생 창업기업 ㈜에스오에스랩, 외부 투자유치 성공 GIST 박사 4명이

GIST Patient Guide (Gastrointestinal stromal - GIST Support UK