Osquery for Security Analysis will teach you how to use Osquery to perform thorough investigations of hosts on your network. This isn’t just an Osquery tutorial, it’s a course designed to help you improve your host-based investigation skills using one of the best tools for the job.

You’ll learn:
- How to craft SQL queries to interrogate Windows, Linux, and macOS hosts
- Common queries for performing software inventory and asset control
- Strategies for interrogating processes to determine if they are malicious
- Techniques for uncovering persistence and lateral movement
- Triaging suspicious systems using high-value data tables
- Threat hunting based on MITRE ATT&CK techniques
- Complete deployment of distributed Osquery across your network using Kolide Fleet and the Elastic Stack
- How to leverage differential queries to monitor state changes and generate alerts
- Extending Osquery with extensions
If you want to level up your host-based investigation skills using one of the best open source tools available, Osquery for Security Analysis is the course you’re looking for.
Osquery for Security Analysis Includes:
Over 5 hours of demonstration videos. These videos will break down the concepts and skills you need to become adept at using Osquery and improve your host interrogation skills.
Hands-on labs to help you develop and test your skills. You’ll complete lab exercises by downloading compromised virtual machines and using Osquery to figure out what happened. You’ll also complete a final challenge using Kolide Fleet to investigate multiple systems in a real-world scenario.
Our Osquery investigation cheat sheet. We’ve picked our favorite queries and combined them into a quick reference cheat sheet. I keep mine in my desk drawer and use it all the time!
Participation in our student charitable profit sharing program. A few times a year we designate a portion of our proceeds for charitable causes. AND students get to take part in nominating charities that are important to them to receive these donations.