Short Bytes: Facebook’s widely popular open source security project Osquery has now arrived on Windows. Windows users can grab the source code and compile it to unify their endpoint defenses. Using SQL-based queries, this framework makes the process of spotting network loopholes easier.
Osquery tables can be implemented using a simple plugin and extension API. Users can find lots of tables on osquery.io/tables.
Until now, Osquery only supported macOS, Ubuntu, and CentOS. Now, Facebook has decided to bring this open source project to the Windows operating system. Interestingly, it is the most popular open source security-focused project on GitHub.
Facebook itself uses Osquery to fetch data about the browser extensions running on its corporate network. The company compares this information and identifies the malicious extensions. This technique is also known as “threat hunting”.
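As an added illustration that is not part of this article, here is an osquery scheduled-query configuration (the JSON format osqueryd reads) that records every Chrome extension per user once an hour. The `users` and `chrome_extensions` tables are real osquery tables; the join on `uid` is needed because `chrome_extensions` is keyed by user. By default osqueryd logs scheduled queries differentially, so after the first run only extensions that appear or disappear are reported, which is what a comparison against a known-good baseline needs; the query name is a constructed example.

```json
{
  "schedule": {
    "chrome_extensions_inventory": {
      "query": "SELECT u.username, c.name, c.identifier, c.version, c.update_url, c.path FROM users u JOIN chrome_extensions c USING (uid);",
      "interval": 3600
    }
  }
}
```

The same query can be run interactively in osqueryi to check the output before scheduling it.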
How to get started with Osquery on Windows?
The Osquery port for Windows is only distributed via source code. So, one needs to build their own package. You can get the developer kit, which includes documentation, the development environment, and a script to help you get started. Find it here.
Apart from Windows, if you are interested in grabbing Osquery for macOS and Linux, you can visit the project’s GitHub page.