Learn more: https://www.sans.org/sec599
OSQuery is an amazing (free!) tool that can collect a wide variety of information from your environment. In a previous webcast, the presenters covered some OSQuery basics and demonstrated a few queries. In this next webcast, we will go a step further and introduce how Kolide can be used to manage OSQuery in an enterprise environment. They discuss some more advanced query development techniques, which can help further enrich collected data and provide crucial insights on your environment. OSQuery & Kolide are covered in-depth during the course SEC599: Defeating Advanced Adversaries: Purple Team Tactics & Kill Chain Defenses.