home.social

#osquery — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #osquery, aggregated by home.social.

  1. How to Install #Osquery on #Ubuntu #VPS This article provides a guide describing how to install Osquery on Ubuntu VPS. What is Osquery? Osquery is a lightweight, SQL-powered agent that lets you query your Linux system like a database. Need to list running processes, open ... Continued 👉

    How to Install Osquery on Ubun...

  2. How to Install #Osquery on #Ubuntu #VPS

    This article provides a guide describing how to install Osquery on Ubuntu VPS.
    What is Osquery?
    Osquery is a lightweight, SQL-powered agent that lets you query your Linux system like a database. Need to list running processes, open ports, installed packages, or detect file changes? You can do it all with plain SELECT statements and automate them on a schedule.

    Below is a production-ready, step-by-step guide ...
    Continued 👉 blog.radwebhosting.com/install

  6. How to Install #Osquery on #Ubuntu #VPS

    This article provides a guide describing how to install Osquery on Ubuntu VPS.
    What is Osquery?
    Osquery is a lightweight, SQL-powered agent that lets you query your Linux system like a database. Need to list running processes, open ports, installed packages, or detect file changes? You can do it all with plain SELECT statements and automate them on a schedule.

    Below is a production-ready, step-by-step guide ...
    Continued 👉 blog.radwebhosting.com/how-to-

  7. Memory Analysis for #Linux has always been a bit hit-or-miss. Trail of Bits has released a tool called #mquire that doesn't require debug symbols for the originating Kernel.

    It also uses SQL-based queries to perform analysis, similar to #OSquery.

    blog.trailofbits.com/2026/02/2

    #MemoryForensics #IncidentResponse #DFIR #DigitalForensics

  23. Fleet & Osquery: a Swiss Army knife for infosec, or how we successfully DDoSed ourselves

    Hi everyone, my name is Denis, and I'm a senior infrastructure security engineer at Ozon. This article continues the series on osquery and Fleet. You can read the previous articles here and here. In this article I want to share the joy and "pain" of operating the Fleet and osquery combination at e-commerce/highload scale. This experience will be useful to those who are only considering this combination and planning to deploy it, as well as to those who have already deployed it and run it. We run osquery on workstations and servers running MacOS, Windows and Linux. To begin with, it is worth recalling what osquery and Fleet are and why they complement each other so well. Osquery is open source, written in C++, and is an agent running on the host (and not only the host) OS that can provide a large amount of information about your system and events in the form of a DBMS. Osquery also has two kinds of queries:

    habr.com/ru/companies/ozontech

    #fleetdm #fleet #osquery #opensource

  24. Does anyone have up to date info on how to use #SecurityOnion with #OSQuery ? The only mention in Seconion 2.4 docs is an unhelpful "The link takes you to Kibana".

    Earlier documentation had detailed steps for generating client installers, how to enable the service through so-allow... Now all of that is gone.

    #InfoSec #OSS #OSSInfoSec #kibana

  25. While reading on the latest #noabot #malware currently in the news akamai.com/blog/security-resea and more particularly how to detect its presence github.com/akamai/akamai-secur, I've discovered the very neat #osquery tool osquery.io/.

    I'm impressed how easy and expressive SQL queries can be run in parallel on all my servers to query packages/configuration items/users etc ...

    It's now installed everywhere 😉

  26. Starting a sentence with "Know that..." in #documentation is both efficient and a power move, I'm here for it.

    #osquery

  27. This is a fun way to detect #bpfdoor and other minimalist #posix #malware using #osquery

    > SELECT * FROM process_open_sockets WHERE fd=0 AND NOT (family = 1 AND protocol = 0);

    It traverses /proc to find processes where the first file descriptor (typically stdin) is a socket — excluding local UNIX domain sockets as some legit programs do that.

    This sounds like an unlikely detector, but I've only seen backdoors like #bpfdoor behave this way.

    From unfinished.bike/fun-with-the-n

  32. #osquery defense kit v1.6.0 just dropped with some new #blueteam queries: github.com/chainguard-dev/osqu

    - unencrypted #GCP service account keys
    - unexpected #sysctl calls
    - unexpected #xattr calls
    - unexpected file made #executable
    - unexpected Security.Framework program

    If nothing else, I hope the queries are useful ideas for others! Have a great weekend. 🌴

  33. Hey #soc and #blueteam, if I have to hunt for #mimikatz executed from #cobaltstrike using #osquery, what are the tables I need to correlate? Though I figured out a few events from security logs, I want to use OSQUERY logs for hunting. Any suggestions?

    #threathunting #threatintel

  34. New Linux #malware, focused on IoT: fortinet.com/blog/threat-resea

    The #osquery rules we've open-sourced at github.com/chainguard-dev/osqu already have your back.

    Here are the alerts that will fire when a node is infected with #RapperBot:

    - hidden-executable
    - unexpected-exec-dir
    - sketchy-fetchers
    - unexpected-executable-permissions
    - unexpected-talkers