Using osquery via Fleet for client/server visibility

Speakers: Lucas Hall

Level: Fundamental, Lecture

Excerpt: A beginner-level talk exploring the basics of osquery, Kolide’s Fleet platform, and real-world examples of monitoring your endpoint infrastructure.

Description: This will be a beginner-level talk.

It will focus on practical application rather than the advanced theory of osquery.

We will discuss:

  • a high-level view of the tools and their integration,
    i.e., how a functioning ecosystem could work, without going heavily into one tool or another

  • Fleet endpoints will include Linux, Windows, and macOS

Planned outline:

  • A brief overview of Facebook’s osquery
  • The idea of Fleet, a distribution point for osquery
  • Setting up and querying fleet machines (Fleet)
  • Using a syslog server for analysis and reporting (Graylog)

About the speaker

Lucas Hall (Twitter: @thelukanator) – Client Platform Engineer – Saturna Capital

Client platform engineer in Bellingham, WA. Born and raised in Dayton, Ohio, he relocated to the PNW several years ago. I work on macOS, tinker in deb-based distros and game in Windows.

