Facebook’s Popular Open Source Security Tool Osquery Comes To Windows


facebook-osquery-open-source-tool-windows-linux-macosShort Bytes: Facebook’s widely popular open source security project Osquery has now arrived on Windows. Windows users can grab the source code and compile it to unify the endpoint defenses. Using SQL-based queries, this framework makes the process of spotting network loopholes easier.

Back in 2014, Facebook introduced a framework called Osquery with an aim to treat the low-level operating system monitoring differently. It exposes an OS as a high-performance relational database and allows one to write SQL-based queries for exploring the PS. This lets the sysadmins get to know about the running processes, loaded kernel modules, and open network connections.

osquery> SELECT uid, name FROM listening_ports l, processes p WHERE l.pid=p.pid;

Osquery tables can be implemented using a simple plugin and extension API. Users can find lots of tables on osquery.io/tables.

Till now, Osquery only supported macOS, Ubuntu, and CentOS. Now, Facebook has decided to bring this open source project to Windows operating system. Interestingly, it is the most popular open source security-focus project on GitHub.

Facebook itself uses Osquery to fetch data about the browser extensions running on its corporate network. The company compares this information and identifies the malicious extensions. This technique is also known as “threat hunting”.

The social network hopes that this port to Windows will give the security teams an ability to unify the endpoint defense and take part in an open source development process.osqueryi

How get started with Osquery on Windows?

The Osquery port for Windows is only distributed via source code. So, one needs to build their own package. You can get the developer kit, which includes documentation, the development environment, and a script to help you get started. Find it here.

Apart from Windows, if you are interested in grabbing Osquery for macOS and Linux, you can visit the project’s GitHub page.

Did you find this article helpful? Don’t forget to drop your feedback in the comments section below.

Also Read: Facebook Open Sources MyRocks DB Engine And ZStandard Compression Algorithm

Adarsh Verma

Adarsh Verma

Fossbytes co-founder and an aspiring entrepreneur who keeps a close eye on open source, tech giants, and security. Get in touch with him by sending an email — [email protected]
More From Fossbytes

Latest On Fossbytes

Find your dream job