Osquery for Security Analysis


Osquery for Security Analysis will teach you how to use Osquery to perform thorough investigations of hosts on your network. This isn’t just an Osquery tutorial, it’s a course designed to help you improve your host-based investigation skills using one of the best tools for the job.

A production server that doesn’t normally communicate over the internet is exhibiting suspicious characteristics. It’s sending out weird bursts of network traffic to an external host you don’t know anything about. The traffic is encrypted, so network data won’t be helpful. You have to rely exclusively on host-based evidence to figure out what’s happening.

Now be completely honest with yourself. Would you be able to come to a conclusion about whether an attack has occurred? Would you be able to do it quickly? Would you be 100% certain about your determination?

If you answered no to any of those, then you aren’t alone. The truth is, investigating things on the host is overwhelming. There are so many places to look: the registry, prefetch, disk artifacts, operating system logs…the list goes on.

The problem isn’t just the number of rabbit holes, its that each one requires a different tool to access and parse the data. A question as simple as “Did the malware execute after it was downloaded?” might require a combination of a dozen complicated and unmaintained open sources tools or a pricey commercial solution.


HOMEPAGE – https://www.networkdefense.io/library/osquery-for-security-analysis/about/


Original Price: $397
Our Price: $3.99


NOTE: If you buy this course via PayPal then please wait for a while. Once we received your order you will get the direct download link within 12 hours in your email inbox. Or If you’re facing any problem with payment methods then contact us.



Size: 1.15 GB

You’ll learn:

  • How to craft SQL queries to interrogate Windows, Linux, and MacOS hosts
  • Common queries for performing software inventory and asset control
  • Strategies for interrogating processes to determine if they are malicious
  • Techniques for uncovering persistence and lateral movement
  • Triaging suspicious systems using high-value data tables
  • Hunting leveraging MITRE ATT&CK techniques
  • Complete deployment of distributed Osquery across your network using Kolide Fleet and ElasticStack
  • How to leverage differential queries to monitor state changes and generate alerts
  • Extending Osquery with extensions


There are no reviews yet.

Be the first to review “Osquery for Security Analysis”

Your email address will not be published. Required fields are marked *