Osquery Cheat Sheet
Osquery Cheat Sheet is a powerful, all-in-one guide for mastering Osquery, an open-source endpoint visibility tool that turns your operating system into a relational database. Written for blue teamers, system administrators, and security enthusiasts, this cheat-sheet-style book provides hands-on knowledge and tactical walkthroughs using real-world scenarios, forensic techniques, and advanced configurations.
From installation to threat detection and malware analysis, you'll learn how to harness the full potential of Osquery using SQL queries and log-based investigations. Whether you're conducting incident response or building an automated detection pipeline, this guide offers actionable insights for defenders at all levels.
Table of Contents:
- Introduction to Osquery
- What is Osquery?
- SQL Syntax Basics
- Agent Modes: osqueryi vs osqueryd
- Installation & Configuration
- Installing on Ubuntu and Alibaba Cloud
- Creating Config and Flag Files
- Enabling System Logs with Rsyslog
- Query Examples: Processes, Users, Cron Jobs, etc.
- Using Packs: IT Compliance, Incident Response, FIM
- File Integrity Monitoring (FIM)
- Security Use Cases & Threat Detection
- Detecting Malicious Binaries
- Investigating Running Processes
- Detecting SUID Binaries & Suspicious Ports
- PowerShell Events Analysis
- NTFS Forensics & Timestomping
- Understanding $SI and $FN Attributes
- Identifying Timestamp Inconsistencies
- Log Path Overview
- Threat Hunting with osquery
- Detecting IOCs
- Investigating Network Connections
- Persistence Detection: Services, Tasks, Registry
- Osquery Cloud Deployment
- Running on Alibaba Cloud ECS
- Detecting Malicious Downloads (Case Study)
- Using osquery + rsyslog + Kafka + VirusTotal + Slack
- Security Packs Breakdown
Page Count: 34
Format: PDF
By Purchasing This Product, You Are Agreeing To The Terms of Service Below
Note: This product is not eligible for a refund.
If you have concerns regarding the product, kindly contact consultation@motasem-notes.net, describe your issue, and explain why you believe you are eligible for a refund.