TO REGISTER FOR THIS WORKSHOP, GO
HERE. NOTE THAT SPACE IS VERY LIMITED.
In this workshop, we will learn how to use osquery in a variety of environments and then use it to solve problems security teams everywhere have.
Required: One or more PC or VM running Mac, Windows, or Linux with Chrome installed as well as osquery installed. If osquery is not installed, do not worry; we will start the workshop with instructions on how to do that, and for Linux, we will provide a virtual appliance you can import. Be aware that we will centralize some of the osquery logs we generate, so we ask that you do not use a personal computer with your real data on it, unless you agree with other students being able to see the output of your queries.
In this workshop, we will understand how osquery is deployed, look at the way many companies get successfully attacked, monitor our systems for these issues, implement a fix, and check that it was implemented properly with osquery. We will also look at how osquery extensions can allow us to manage our systems in a more proactive way, by writing to them instead of just querying them.
If you have to manage endpoints in an environment that includes Mac, Linux, Windows, and even Docker containers, this workshop is a great way to learn about ways to manage security homogeneously, on an heterogenous environment.
