| title |
The Osquery Extensions Skunkworks Project |
| date |
2018-06-01 |
| authors |
|
| conference |
|
| resources |
| label |
path |
Slides |
The osquery Extensions Skunkworks Project.pdf |
|
|
| label |
url |
Trail of Bits osquery Extensions |
|
|
|
Unconventional Uses for Osquery.
Facebook created osquery with certain guiding principles: don't pry into users' data, don't change the state of the system, don't create network traffic to third parties. It was originally intended as a read-only information gatherer. For those that didn't want to play by these rules, there's the extension interface. We've begun experimenting with extensions that don't align with mainline osquery: integrating with third-party services, writable tables, host-based firewall administration, malware vaccination, and more. We shared some of our lessons-learned on the challenges of using osquery as a control interface.
Resources