
Splunk osquery dashboard
Hunting Malware at Scale with osquery (Now with more Cyber!)

This workshop is an introduction to osquery, an open source, SQL-powered operating system instrumentation and analytics framework. osquery is developed and used by Facebook to proactively hunt for abnormalities. Since osquery allows us to easily ask questions about our infrastructure, it provides powerful capabilities, such as finding malware persistence techniques and scanning IOCs across our fleets of machines.

This workshop is a very hands-on training and we expect participants to be comfortable with the CLI. The workshop is broken into three components:

Part I - hunting malware with osquery (1.5 hours): The first section of the workshop will make use of the interactive osquery command line tool (osqueryi) to hunt for characteristics of malware residing on a local system. The goal of this section is to get students familiar with writing SQL statements and to understand how osquery makes use of core tables to abstract operating system artifacts.

Part II - osquery at scale (1.5 hours): The second part of the workshop will focus on automation and deployment of osquery at a larger scale. You will learn how to write “query packs”, which are used to collect and analyze the results from the various endpoints in an enterprise. We will demonstrate this concept with the use of virtual machines; however, the methodologies can be extrapolated to larger enterprises.

Part III - osquery development (optional - 0.5 to 1 hours): The last part of the workshop focuses on osquery development. This segment is largely optional and designed for people who want to get familiar with how osquery works under the hood. We will walk you through some of the core components of osquery so you can have a deeper understanding of this application, the goal being to give the student sufficient information to hack on the osquery project.

Presenters

  • Facebook Security Engineering
    ◦ Detection Infrastructure: Nick Anderson, Sereyvathana Ty, Ted Reed, Matt Moran
    ◦ Threats and Signal Analysis: April Eubank
  • Uber Engineering Security Team
    ◦ Platform Security: Javier Marcos

Road Map

  • Part I - Hunting malware with osquery.
  • Lab 2 - Malware hunting with osquery.
  • Part II - Scaling osquery to an enterprise.
  • Enterprise architecture and osqueryd deployment.
  • Lab 3 - Deploying osquery at scale.
  • Part III - FIM and process auditing.

Logistics

  • Connect to the osquery-lab WiFi (password: osqueryrocks).
  • All of the components of this lab are on the USB thumb drives (we know, hilarious right?). Copy all the contents locally while we talk for expedited hacking, if you want :P
  • Installers are under the virtualbox-installers dir. Add the virtual machine from the .vbox file under /vms, or however you wanna do that.
  • Log in to the box using the credentials user: vagrant, pass: vagrant, either inside of VirtualBox or over SSH from Term, iTerm or PuTTY (installer in /util): $ ssh -p 2222

Docs and issues

  • The source for these docs lives within the repo:
  • Anything that is not documented should become an issue. Please please please, file and address issues. There are 100+ contributors, and we strive to be as nice and accommodating as possible!
  • Direct message theopolis if you need anything whatsoever.