
OS Analysis with osquery


Joe Abraham

31:09

  • os-analysis-osquery.zip
  • 1. Course Overview.mp4
    01:07
  • 1. Using osquery for OS Analysis.mp4
    05:48
  • 2. Getting Started with osquery.mp4
    06:45
  • 3. Detecting User Account Creation with osquery.mp4
    04:51
  • 4. Detecting File Movement with osquery.mp4
    07:30
  • 5. Validating osquery Detections in Kibana.mp4
    03:55
  • 1. Additional osquery Resources.mp4
    01:13
  • Description


    osquery is an operating system instrumentation framework for monitoring systems using a relational database. In this course, you will learn OS Analysis using osquery.

    What You'll Learn?


      To detect cyber attacks on our endpoints, monitoring solutions must be established. With all of the data that you can collect, how do you know what’s necessary and what’s not? In this course, OS Analysis with osquery, you’ll cover how to utilize osquery to detect common persistence and collection attack techniques in an enterprise environment. First, you’ll demonstrate how to detect user accounts being created outside of the acceptable processes. Next, you’ll use osquery to detect staged files being moved in the network. Finally, you’ll analyze the data and create alerts based upon the techniques. When you’re finished with this course, you’ll have the skills and knowledge to mitigate and detect the techniques T1136 Create Account: Local Account and T1074 Data Staged using osquery.



    Joe Abraham, CCIE #62417, is a Network Security Consultant working in the public sector space, helping customers develop and implement functional and secure network architectures. He graduated from Excelsior College with an M.S. in Cybersecurity and a B.S. in Information Technology (Network Management). He currently holds many IT certifications, including CCIE, CISSP, GSEC, and CCNP Security. He is also a member of the GIAC Advisory Board. Joe is a mentor to IT professionals and a blogger who spends his time either with his wife and three children, exercising, researching and writing about technology, or learning new technologies. Having spent much of his experience helping to train and educate IT professionals, he is passionate about teaching and always strives to be a positive influence in the IT field.
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • Language: English
    • Training sessions: 7
    • Duration: 31:09
    • Level: average
    • English subtitles: yes
    • Release date: 2023/02/27