


# Osquery Kinesis how-to
Endpoint monitoring and visibility is an essential building block for the success of any Detection & Response team. At Segment, our tools of choice for endpoint monitoring are Osquery, paired with Fleet for orchestration. Osquery exposes an operating system as a high-performance relational database, letting you write SQL queries to explore operating system data. It runs as a simple agent and supports OS X, Windows, and any of the Linux operating systems. Fleet is the most commonly used open-source Osquery manager across security and compliance teams in the world. Once the devices running Osquery are enrolled, Fleet enables us to run queries through the Osquery agent across 100,000+ servers, containers, and laptops at scale. This is very powerful: it lets us quickly get data about a host's activity during a security investigation, or proactively run queries on a host at a regular interval so that security teams can monitor it for malicious activity.

There are many ways of hosting Fleet in your environment. At Segment, we decided to host it entirely as code on an EKS cluster, a new Amazon Web Services offering that makes it easy to run Kubernetes at scale. Fleet has two major infrastructure dependencies: a MySQL database and a Redis cache.

This post will show you how to host Fleet on an EKS cluster and send scheduled query logs to an AWS Opensource destination, entirely created and managed as code.
