

Logpoint today announced the launch of AgentX, an endpoint agent for Windows, Linux, macOS, and cloud deployments. AgentX accelerates threat detection and investigation on endpoints and ensures fast response capabilities. In addition to gathering telemetry, AgentX adds interrogation, compliance checks, and vulnerability management capabilities to Logpoint's security operations platform, converging SIEM, SOAR, and UEBA technologies to improve overall security posture significantly.

"AgentX expands the visibility of our security operations platform. Adding AgentX to our platform changes the paradigm from log-collection to observability and interrogation to action-driven response," says Christian Have, Logpoint CTO. "Our vision is to drive accelerated detection and response to threats."

AgentX brings endpoint observability from log collection, osquery integration, and vulnerability management to the converged security operations platform. Analysts can detect and respond to threats from a single console with end-to-end playbooks, analytics and use-cases shipped for common threats and techniques. The rich endpoint telemetry enhances security observations, providing analysts with threat and operational context about incidents and more detailed analyses of threats.

"The compliance capabilities that AgentX offers solve two of the main challenges compliance and security teams face today," says Christian Have. "First, identifying critical events for compliance reporting and monitoring."

OSQUERY MACOS HOW TO

Level: Advanced, Hands-on (BYOD for attendees)

Excerpt: macOS is a complex beast! Learn how osquery can tame the complexity and enable rapid iteration on insights, becoming a critical component of monitoring pipelines.

Description: Accessing the data that admins are interested in on a macOS system can require many distinct methods: parsing command output, accessing public and private system APIs, accessing POSIX and Mac-specific configuration files, and more. What can we do to tame this complexity and focus on the underlying data we are after? Enter osquery. Open-sourced by Facebook in 2014, this tool standardizes all of these disparate sources of state as SQL tables, enabling rapid iteration and understanding without writing any code. We can craft simple SQL queries to extract, transform and combine the data sources that interest us. In this workshop we will learn how to explore the data we are interested in, incorporate it into scripting workflows, and use osquery for monitoring of important data. The workshop will expose the important concepts through hands-on examples. These skills will be useful for anyone interested in accessing macOS internals from a security or IT perspective.

Zachary Wasserman (Twitter: – Principal Engineer – Kolide

Zach has been contributing to osquery since its inception in 2014, and believes that open-source is the future. He is cofounder and Principal Engineer at Kolide, where he builds products to help operators drive more value from osquery. Outside of this work, he climbs rocks and is an amateur Arduino programmer building blinky devices.
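As an added illustration of the extract, transform and combine pattern the workshop description refers to (this is example code written for this page, not material from the workshop, from Kolide, or from the osquery project), the two queries below run in osqueryi on macOS. The table and column names (processes, listening_ports, signature, launchd, hash) are from the osquery schema; the joins on path push the path constraint that the signature and hash tables require. Treating Apple's own "Software Signing" authority as benign and the excluded path prefixes are heuristics assumed for the example, not osquery defaults.

```sql
-- Added example for this page; not from the workshop or the osquery project.
-- Run with: osqueryi --json "<query>"   (macOS; needs the osquery install)

-- 1. Combine: processes with an externally reachable listening socket,
--    joined to the code-signing status of the binary they run from.
--    Assumption: Apple's own binaries carry the 'Software Signing'
--    authority, so anything else (or unsigned) is worth a second look.
SELECT lp.port, lp.protocol, lp.address,
       p.pid, p.name, p.path,
       s.signed, s.authority, s.team_identifier
FROM listening_ports AS lp
JOIN processes AS p ON p.pid = lp.pid
JOIN signature AS s ON s.path = p.path
WHERE lp.port > 0
  AND lp.address NOT IN ('127.0.0.1', '::1')
  AND (s.signed = 0 OR s.authority != 'Software Signing')
ORDER BY lp.port;

-- 2. Transform + monitor: launchd jobs whose program lives outside the
--    protected system paths (prefix list is an assumption for the example),
--    with a SHA-256 of the program so a scheduled run of this query reports
--    when a job appears, disappears, or its binary changes.
SELECT l.path AS plist, l.label, l.program, l.run_at_load, l.username,
       h.sha256
FROM launchd AS l
JOIN hash AS h ON h.path = l.program
WHERE l.program != ''
  AND l.program NOT LIKE '/System/%'
  AND l.program NOT LIKE '/usr/libexec/%'
ORDER BY l.path;
```

To turn the second query into monitoring rather than a one-off interrogation, place it under the schedule key of the osqueryd configuration with an interval in seconds; osqueryd then logs only the rows added or removed since the previous run (differential results), so a changed sha256 shows up as one removed row and one added row for the same plist.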
