Want to know every time someone installs a new Chrome extension? All listening sockets on external interfaces, and the process name and user/group it's owned by? New root certificate authorities added to the keychain? Done, all thanks to osquery's introspection capabilities coupled with Doorman. (macOS, Windows, Linux, ChromeOS, AWS, Google Cloud.) It is one of the few security tools that I honestly can say I "set and forget" with respect to the rules we write. Open-source device management for IT and security teams with thousands of laptops and servers. One of the stronger points of Doorman is its built-in rules and alerting engine. Kolide Fleet was an open-source Osquery Fleet Manager written in Go and JavaScript. We favor tools like osquery that don't expose remote command and control capabilities over tools like Chef or Puppet that concentrate super powers in the hands of a few people. Our API and CLI provide the flexibility to program Fleet as you see fit. Made for customization. Integrations with leading configuration management platforms, including Chef, Munki, and Puppet, allow for efficiency in your management workflows. The Fleet directory contains YAML files to be imported into Kolide's Fleet osquery management tool. Within each of those folders, you will find the following subdirectories: Endpoints: The contents of this folder are tailored towards monitoring macOS and Windows endpoints that are not expected to be online at all times. Besides adding remote administration functionality to osquery, we developed Doorman with a security-first attitude. Fleet uses a GitOps workflow, ensuring checks and balances for your configuration deployments. We use osquery and Doorman at my company to gain visibility into our laptops in a manner many remote-control-based applications don't provide. I wrote Doorman as a way of utilizing osquery's TLS remoting endpoints, allowing me to dynamically configure an endpoint with custom queries, as well as run ad-hoc queries.
Get comprehensive, customizable data from all your devices and operating systems without the downtime. Whether your goal is intrusion detection, infrastructure reliability, or compliance, osquery gives you the ability to empower and inform a broad set of organizations within your company." Fleet is the lightweight, programmable telemetry platform for servers and workstations. Some background, from osquery's site: "osquery allows you to easily ask questions about your Linux, Windows, and OS X infrastructure. Osquery is an operating system instrumentation agent that provides a unique and refreshing approach to security. IoT Fleet Management market size was valued at USD 8375.54 million in 2021 and is expected to expand at a CAGR of 21.2 during the forecast period, reaching USD 26553.46 million by.