#osquery — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #osquery, aggregated by home.social.
-
How to Install #Osquery on #Ubuntu #VPS
This article provides a guide describing how to install Osquery on Ubuntu VPS.
What is Osquery?
Osquery is a lightweight, SQL-powered agent that lets you query your Linux system like a database. Need to list running processes, open ports, installed packages, or detect file changes? You can do it all with plain SELECT statements and automate them on a schedule. Below is a production-ready, step-by-step guide ...
Continued 👉 https://blog.radwebhosting.com/install-osquery-on-ubuntu-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.social -
Wrote another #MCP server for fun https://github.com/mdfranz/osqueryi-mcp #osquery
-
How to Install #Osquery on #Ubuntu #VPS
This article provides a guide describing how to install Osquery on Ubuntu VPS.
What is Osquery?
Osquery is a lightweight, SQL-powered agent that lets you query your Linux system like a database. Need to list running processes, open ports, installed packages, or detect file changes? You can do it all with plain SELECT statements and automate them on a schedule. Below is a production-ready, step-by-step guide ...
Continued 👉 https://blog.radwebhosting.com/how-to-install-osquery-on-ubuntu-vps/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.social -
Memory Analysis for #Linux has always been a bit hit-or-miss. Trail of Bits has released a tool called #mquire that doesn't require debug symbols for the originating Kernel.
It also uses SQL-based queries to perform analysis, similar to #OSquery.
https://blog.trailofbits.com/2026/02/25/mquire-linux-memory-forensics-without-external-dependencies/
-
Fleet & Osquery: a Swiss Army knife for infosec, or how we successfully DDoSed ourselves
Hi everyone, my name is Denis, and I am a senior infrastructure security engineer at Ozon. This article continues the series on osquery and Fleet. You can read the previous articles here and here. In this article I want to share the joy and the "pain" of operating the Fleet and osquery combination at e-commerce/highload scale. This experience will be useful to those who are only considering this combination and planning to deploy it, as well as to those who have already deployed it and run it. We run osquery on workstations and servers running MacOS, Windows and Linux. To begin with, it is worth recalling what osquery and Fleet are and why they complement each other so well. Osquery is open source, written in C++, and is an agent running on the host (and not only the host) OS that can provide a large amount of information about your system and its events in the form of a DBMS. Osquery also has two types of queries:
-
This is an awesome product! And it is getting better and better with every single release...
#OpenSource #GitOps #MDM #FleetDM #Osquery -
#osctrl 0.3.6 is released! Updates of dependencies, bug fixes and more stability. Complete rewrite of SAML/SSO authentication and more: https://github.com/jmpsec/osctrl/releases/tag/v0.3.6 #detection #infrastructure #security #osquery #DFIR #Compliance #linux #IT
-
Does anyone have up to date info on how to use #SecurityOnion with #OSQuery ? The only mention in Seconion 2.4 docs is an unhelpful "The link takes you to Kibana".
Earlier documentation had detailed steps for generating client installers, how to enable the service through so-allow... Now all of that is gone. -
Learn #Osquery file access monitoring at #ThursdayDefensive (12:30CT) with Chris Long. Join us! https://www.reconinfosec.com/thursday-defensive/ #cybersecurity
-
While reading on the latest #noabot #malware currently in the news https://www.akamai.com/blog/security-research/mirai-based-noabot-crypto-mining and more particularly how to detect its presence https://github.com/akamai/akamai-security-research/tree/main/malware/noabot, I've discovered the very neat #osquery tool https://www.osquery.io/.
I'm impressed how easy and expressive SQL queries can be run in parallel on all my servers to query packages/configuration items/users etc ...
It's now installed everywhere 😉
-
Fun afternoon project: #Fuse mount #osquery tables as json and apache #arrow dataframes:
https://github.com/AshyIsMe/dffs -
Starting a sentence with "Know that..." in #documentation is both efficient and a power move, I'm here for it.
-
Maximizing Threat Detections of Qakbot with #Osquery
-
This is a fun way to detect #bpfdoor and other minimalist #posix #malware using #osquery
> SELECT * FROM process_open_sockets WHERE fd=0 AND NOT (family = 1 AND protocol = 0);
It traverses /proc to find processes where the first file descriptor (typically stdin) is a socket — excluding local UNIX domain sockets as some legit programs do that.
This sounds like an unlikely detector, but I've only seen backdoors like #bpfdoor behave this way.
-
#osquery defense kit v1.6.0 just dropped with some new #blueteam queries: https://github.com/chainguard-dev/osquery-defense-kit
- unencrypted #GCP service account keys
- unexpected #sysctl calls
- unexpected #xattr calls
- unexpected file made #executable
- unexpected Security.Framework program
If nothing else, I hope the queries are useful ideas for others! Have a great weekend. 🌴
-
Hey #soc and #blueteam, if I have to hunt for #mimikatz executed from #cobaltstrike using #osquery, what are the tables I need to correlate? Though I figured out few events from security logs, I want to use OSQUERY logs for hunting. Any suggestions?
-
New Linux #malware, focused on IoT: https://www.fortinet.com/blog/threat-research/new-rapperbot-campaign-ddos-attacks
The #osquery rules we've open-sourced at https://github.com/chainguard-dev/osquery-defense-kit already have your back.
Here are the alerts that will fire when a node is infected with #RapperBot:
- hidden-executable
- unexpected-exec-dir
- sketchy-fetchers
- unexpected-executable-permissions
- unexpected-talkers -
#osquery is so fun and easy because it's #sql . Here's how to get started with #decodable ! https://github.com/decodableco/examples/blob/main/osquery/README.md