Short Bytes: Facebook’s widely popular open source security project Osquery has now arrived on Windows. Windows users can grab the source code and compile it to unify the endpoint defenses. Using SQL-based queries, this framework makes the process of spotting network loopholes easier.
Osquery tables can be implemented using a simple plugin and extension API. Users can find lots of tables on osquery.io/tables.
Till now, Osquery only supported macOS, Ubuntu, and CentOS. Now, Facebook has decided to bring this open source project to the Windows operating system. Interestingly, Osquery is the most popular open source security-focused project on GitHub.
Facebook itself uses Osquery to fetch data about the browser extensions running on its corporate network. The company compares this information and identifies the malicious extensions. This technique is also known as “threat hunting”.
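As an added illustration (not Facebook's own query and not from the original article), this is one way such an extension check can be written with osquery's `users` and `chrome_extensions` tables. The approved list and its IDs are constructed placeholders, and comparing against an approved list is an assumed method, not one the article describes.

```sql
-- Added example: list Chrome extensions per local user and keep only
-- those whose extension ID is not on an approved list.
-- The approved IDs below are constructed placeholders, not real extensions.
WITH approved(identifier) AS (
  VALUES ('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'),
         ('bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb')
)
SELECT
  u.username,        -- account whose browser profile holds the extension
  ce.name,           -- display name from the extension manifest
  ce.identifier,     -- extension ID, the value compared against the list
  ce.version,
  ce.permissions,    -- broad permissions deserve a closer look
  ce.path            -- on-disk location, useful for follow-up triage
FROM users AS u
-- chrome_extensions is scoped per user, so it is joined to users on uid;
-- CROSS JOIN keeps SQLite from reordering the join.
CROSS JOIN chrome_extensions AS ce USING (uid)
WHERE ce.identifier NOT IN (SELECT identifier FROM approved)
ORDER BY u.username, ce.name;
```

Run on each endpoint, the rows that come back are the extensions that need review; an empty result means every installed extension is on the approved list.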
The social network hopes that this port to Windows will give security teams the ability to unify their endpoint defenses and take part in an open source development process.
How to get started with Osquery on Windows?
The Osquery port for Windows is only distributed via source code. So, one needs to build their own package. You can get the developer kit, which includes documentation, the development environment, and a script to help you get started. Find it here.
Apart from Windows, if you are interested in grabbing Osquery for macOS and Linux, you can visit the project’s GitHub page.