6 min
Automation and Orchestration
Introduction to osquery for Threat Detection and DFIR
What is osquery?
osquery is an open source tool created by Facebook
[https://github.com/facebook/osquery] for querying various information about the
state of your machines. This includes information like:
* Running processes
* Kernel modules loaded
* Active user accounts
* Active network connections
And much more!
osquery allows you to craft your system queries using SQL statements, making it
easy to use by security engineers that are already familiar with SQL.
osquery is a flexible tool
4 min
Komand
What Security Operations Teams Can Learn From Modern Productivity Software
Between your devices, how many apps do you have?The answer for many is
dozens, if not hundreds. And many are designed to help us be more efficient: to
keep track of growing to do lists, manage complex work tasks, or streamline
communication with teams. The trouble is, many of these apps don’t talk to each
other very neatly, efficiently, or at all.
So it’s no wonder that when the app orchestration solution IFTTT was launched,
over one million tasks
[http://blog.ifttt.com/post/22129854971/one-mil
4 min
Komand
The Dangers Of Linear Thinking and Why Security Analysts Should Defend in Graphs
One of my favorite tweets-turned-into blogs of last year was one by Microsoft
security’s John Lambert: “Defenders think in lists, attackers think in graphs.
[https://blogs.technet.microsoft.com/johnla/2015/04/26/defenders-think-in-lists-attackers-think-in-graphs-as-long-as-this-is-true-attackers-win]
” Though it certainly doesn’t entirely sum up the challenges of being a
defender, it drummed up some interesting conversation/controversy on twitter.
Plus as a nice, pithy statement, it has a good r