Monitor and analyze the operating system by running SQL queries, e.g. querying current users, processes, CPU, network, and more. Supports Linux, macOS, and Windows
Mapping the MITRE ATT&CK Matrix with Osquery
A repository for using osquery for incident detection and response
an osquery fleet manager
Go bindings for osquery
Python bindings for osquery's Thrift API
Production-ready detection & response queries for osquery
Osquery Management Server
osquery extensions by Trail of Bits
Threat Hunting & Incident Investigation with Osquery
[EXPERIMENTAL] Extend osquery to report on Kubernetes
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, detections, a...
HIDS stands for Host-based Intrusion Detection System. HIDS relies on this principle: a successful intruder almost always leaves traces of the intrusion. I prefer to find intruders by recording changes to important host information. This project consists of two parts: osquery, and monitoring scripts that cover what osquery rules cannot; this article is the first part, the osquery rules, which implement the majority of host information mon...
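As an added illustration of the SQL-over-the-OS approach described in the first entry and of the change-recording HIDS principle in the last one, the queries below were written for this page and are not taken from any of the listed projects. The table and column names (processes, users, listening_ports, hash, crontab, on_disk) are osquery's own; the pack name, query names and schedule intervals in the comments are assumed, as is the exact meaning of the diffs, which depends on osqueryd running these as scheduled queries in its default differential logging mode.

```sql
-- osquery SQL (SQLite dialect). Run interactively with `osqueryi`, or schedule in an
-- osqueryd pack so that only rows that appear or disappear between runs are logged,
-- which is exactly the "record changes to important host information" HIDS model.

-- 1. Inventory: which user is running what, with the on-disk hash of the binary.
--    Joining `hash` on `path` supplies the constraint that table requires.
--    (assumed pack name: host_inventory, interval 3600)
SELECT p.pid,
       p.name,
       p.path,
       u.username,
       h.sha256
FROM processes AS p
LEFT JOIN users AS u ON u.uid = p.uid
LEFT JOIN hash  AS h ON h.path = p.path
WHERE p.path != '';

-- 2. Trace of an intruder: a running process whose executable was deleted from disk.
--    Malware frequently unlinks its binary after exec; on_disk = 0 catches it.
--    (assumed query name: process_binary_missing, interval 60)
SELECT p.pid,
       p.name,
       p.path,
       p.cmdline,
       p.parent,
       u.username
FROM processes AS p
LEFT JOIN users AS u ON u.uid = p.uid
WHERE p.on_disk = 0;

-- 3. Network exposure: every listening TCP socket mapped back to its process and owner.
--    Scheduled differentially, a new row means a new listener appeared since last run.
--    (assumed query name: new_listeners, interval 300)
SELECT lp.port,
       lp.address,
       p.pid,
       p.name,
       p.path,
       u.username
FROM listening_ports AS lp
JOIN processes AS p ON p.pid = lp.pid
LEFT JOIN users AS u ON u.uid = p.uid
WHERE lp.protocol = 6          -- 6 = TCP
  AND lp.port != 0
  AND lp.address NOT IN ('127.0.0.1', '::1');

-- 4. Persistence and account changes: snapshot the tables an intruder typically edits.
--    With differential logging, an added cron entry or a new account shows up as an
--    "added" row; a removed one as a "removed" row, without you storing the full table.
--    (assumed query names: crontab_changes / users_changes, interval 600)
SELECT event, minute, hour, day_of_month, month, day_of_week, command, path
FROM crontab;

SELECT uid, gid, username, shell, directory
FROM users
WHERE shell NOT LIKE '%nologin'
  AND shell NOT LIKE '%false';
```

Query 2 is the one to page on: a process with no backing file is rarely legitimate outside package upgrades. Queries 1, 3 and 4 are meant to be scheduled rather than read directly; their value comes from the diffs osqueryd emits, which is the cheap, low-volume form of "recording changes" the last entry describes.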