A Deep Dive in Osquery presented at BSidesLuxembourg 2018

by Fabio Nigi

Summary: We will see how Osquery works and how to use it to protect your environment. During the workshop, we will demonstrate how to collect and track down IOCs in an investigation scenario, from processes running without a binary on disk to Yara rule integration. By the end of the workshop, you will understand how to deploy Osquery at global scale and how to integrate the right plugins and community projects.
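To make the two IOC scenarios named in the summary concrete, the following is an added example of an osquery query pack (not material from the workshop or the osquery project) that schedules a hunt for processes whose executable is no longer present on disk and a Yara scan of the binaries that are. The pack format, the `processes.on_disk` column (1 = path exists, 0 = missing, -1 = unknown) and the `yara` table with its `sigfile` constraint are real osquery features; the pack name, the interval values, the `/usr/local/bin/%` path pattern and the rule file path `/etc/osquery/yara/PLACEHOLDER_rules.yar` are assumptions you would replace with your own.

```json
{
  "queries": {
    "processes_without_binary_on_disk": {
      "query": "SELECT pid, name, path, cmdline, parent, uid, start_time FROM processes WHERE on_disk = 0;",
      "interval": 300,
      "description": "Running processes whose executable path no longer exists on disk (on_disk = 0). A binary deleted after execution is a classic post-exploitation IOC; -1 means osquery could not determine the state, so it is deliberately excluded here.",
      "removed": false
    },
    "yara_scan_local_bin": {
      "query": "SELECT path, matches, count, sigfile FROM yara WHERE path LIKE '/usr/local/bin/%' AND sigfile = '/etc/osquery/yara/PLACEHOLDER_rules.yar' AND count > 0;",
      "interval": 3600,
      "description": "Scans files under /usr/local/bin (assumed path pattern) with the Yara rule file at the placeholder path; only rows with at least one rule match are logged. Both the path pattern and the rule file location are example values.",
      "removed": false
    }
  }
}
```

Load the pack by referencing it from the main osquery config under the `packs` key and ship the scheduled-query results to your log pipeline; the first query is cheap enough for a short interval, while the Yara scan is I/O-heavy and should run less often and against a bounded path pattern, which is why the two intervals differ.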