HOME | RESEARCH | INSTALLATION | CLIENT APP | INTEGRATION | DEMONSTRATION | CONCLUSION |
---|
Charlotte Croce, Andrei Gorlitsky, Benjamin Tyler
Project 1 - OSQuery
🚀 Your security engineering technical lead has asked you to investigate a potential security tool called OSQuery. They have asked that you be prepared to demonstrate the application itself and its integration into the corporate EDR platform (wazuh). You are expected to demo your results to the full security engineering team in one week.
Demonstration Video
Google Drive link: https://drive.google.com/file/d/1TmDQrPufHJVOyXyVaR0a5f4StchSyOn2/view?usp=drive_link
Documentation Contents
- RESEARCH: Conduct high-level research on OSQuery and explain what it does at a high level
- INSTALLATION: Install OSQuery on either web01 (rocky) or wks01 (windows 10)
- CLIENT APP: Investigate and demonstrate some of the features of the OSQuery client application
- INTEGRATION: Integrate OSQuery with Wazuh
- DEMONSTRATION: Develop an end-to-end demonstration that shows the triggering of an event that is picked up by OSQuery and how that event eventually makes it to Wazuh.
- CONCLUSION: Conclude by discussing any pros and cons of this tool and integration.