Osquery is an open-source agent created by Facebook in 2014. It exposes the operating system as a relational database: system state is presented as tables, and we ask questions of those tables with SQL queries, such as listing the running processes, the user accounts created on the host, or the processes communicating with suspicious domains. It is widely used by Security Analysts, Incident Responders, Threat Hunters, and others. Osquery can be installed on multiple platforms: Windows, Linux, macOS, and FreeBSD.
Learning Objective
In this introductory room, the following learning objectives are covered:
- What Osquery is, and what problem it solves
- Osquery in Interactive Mode
- How to use the interactive mode of Osquery to interact with the operating system
- How to join two tables to get a single answer
Note: It is highly beneficial if you're already familiar with queries. If not, check out this Tutorial.
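As an added example (not part of the room's own material), the following query shows the kind of join the objectives refer to: it combines the standard osquery tables `processes`, `process_open_sockets`, and `users` to list processes that hold a remote network connection together with the account that owns them. It assumes you are typing it into `osqueryi` on Linux or macOS, where `processes.uid` maps directly to `users.uid`.

```sql
-- Which processes hold outbound sockets, and which user owns them?
-- Tables used (all standard osquery tables):
--   processes            : pid, name, path, uid, ...
--   process_open_sockets : pid, remote_address, remote_port, ...
--   users                : uid, username, ...
SELECT p.pid,
       p.name,
       p.path,
       u.username,
       s.remote_address,
       s.remote_port
FROM processes AS p
-- Join sockets to the process that owns them via the process id.
JOIN process_open_sockets AS s ON s.pid = p.pid
-- Join the owning account via the numeric user id on the process.
JOIN users AS u ON u.uid = p.uid
-- Listening sockets have an empty or wildcard remote address and port 0;
-- filter them out so only established remote connections remain.
WHERE s.remote_address NOT IN ('', '0.0.0.0', '::', '127.0.0.1', '::1')
  AND s.remote_port != 0
ORDER BY p.name, s.remote_port;
```

A process that appears here with an unexpected remote address, or running under an account that should not be making network connections, is the kind of result a responder would follow up on with further queries.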
