tsitsiflora/osquerySOC

osquerySOC

A security operations centre developed using osquery and the ELK stack

Refer to the osquery documentation (https://osquery.readthedocs.io/) for anything not covered by the steps below.

1. Installing osquery

```sh
$ export OSQUERY_KEY=1484120AC4E9F8A1A577AEEE97A80C63C9D8B80B
$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys $OSQUERY_KEY
$ sudo add-apt-repository 'deb [arch=amd64] https://pkg.osquery.io/deb deb main'
$ sudo apt-get update
$ sudo apt-get install osquery
```

Check that the key fingerprint retrieved from the keyserver matches `OSQUERY_KEY` exactly before trusting the repository. Note that `apt-key` is deprecated on Debian 11 / Ubuntu 22.04 and later; on those releases the key has to be placed under `/etc/apt/keyrings/` and referenced with a `signed-by=` option in the repository entry instead.

After installing, the default packages create the following structure:

```
/etc/osquery/
/usr/share/osquery/osquery.example.conf
/usr/share/osquery/lenses/{*}.aug
/usr/share/osquery/packs/{*}.conf
/var/log/osquery/
/usr/lib/osquery/
/usr/bin/osqueryctl
/usr/bin/osqueryd
/usr/bin/osqueryi
```
2. Activating osqueryd

The daemon will not start until a configuration file exists at `/etc/osquery/osquery.conf`; copy `/usr/share/osquery/osquery.example.conf` there (or write your own, see step 3) first. On a systemd host `service osqueryd start` and `systemctl start osqueryd` do the same thing; `systemctl enable` makes the daemon start on boot.

```sh
$ sudo service osqueryd start
$ sudo systemctl enable osqueryd
$ sudo systemctl start osqueryd
```

Results are written by the filesystem logger to `/var/log/osquery/osqueryd.results.log`, which is the file the ELK side of this SOC ingests.
3. Configurations

The configuration is a JSON file with an `options` section (config and logger plugins, log path), a `schedule` of named SQL queries with intervals, and optionally `packs` pointing at the bundled query packs under `/usr/share/osquery/packs/`. An example configuration file: https://gist.github.com/anand1996aditya/3a6ead64fe97c9529eeb76a518234f0f
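The following is an added example, not code from the osquerySOC repository: it builds a minimal `osquery.conf` of the shape described in step 3 (filesystem logger writing under `/var/log/osquery`, a schedule of three queries, and the bundled `incident-response` pack from the package layout shown above), then normalises `osqueryd.results.log` lines into one flat document per row, which is what an Elasticsearch bulk indexer expects, and runs a couple of simple rules over them. The query names, the port allow-list and the sample log lines are constructed for the example; the log lines follow osquery's differential (`added`/`removed`) and `snapshot` result formats.

```python
"""Build an osquery.conf for a small SOC and turn osqueryd.results.log into
Elasticsearch-ready documents. Added example; not part of osquerySOC."""
import json
from datetime import datetime, timezone

# Scheduled queries (names and intervals are our own choice for the example).
SCHEDULE = {
    "listening_ports": {
        # Non-loopback listeners joined to the owning process.
        "query": ("SELECT lp.port, lp.protocol, lp.address, p.name, p.path, p.pid "
                  "FROM listening_ports lp JOIN processes p ON lp.pid = p.pid "
                  "WHERE lp.address != '127.0.0.1';"),
        "interval": 300,
    },
    "local_users": {
        "query": "SELECT uid, gid, username, shell, directory FROM users;",
        "interval": 3600,
    },
    "crontab": {
        # snapshot: log the full table every run instead of added/removed diffs.
        "query": "SELECT event, command, path FROM crontab;",
        "interval": 3600,
        "snapshot": True,
    },
}

def build_config(log_dir="/var/log/osquery", packs_dir="/usr/share/osquery/packs"):
    """Return the osquery.conf as a dict; json.dumps() it to /etc/osquery/osquery.conf."""
    return {
        "options": {
            "config_plugin": "filesystem",
            "logger_plugin": "filesystem",  # writes osqueryd.results.log under logger_path
            "logger_path": log_dir,
            "schedule_splay_percent": "10",
            "utc": "true",
        },
        "schedule": SCHEDULE,
        # incident-response.conf ships with the osquery package (see layout above).
        "packs": {"incident-response": f"{packs_dir}/incident-response.conf"},
        # Decorator columns are copied into every result line.
        "decorators": {"load": ["SELECT uuid AS host_uuid FROM system_info;"]},
    }

def to_documents(lines):
    """Flatten result-log lines (differential and snapshot) into one doc per row."""
    docs = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue  # torn line from rotation; skip it rather than stall the pipeline
        ts = datetime.fromtimestamp(int(rec.get("unixTime", 0)), tz=timezone.utc)
        base = {"@timestamp": ts.isoformat(), "host": rec.get("hostIdentifier"),
                "query": rec.get("name"), "action": rec.get("action")}
        base.update(rec.get("decorations", {}))
        rows = rec["snapshot"] if rec.get("action") == "snapshot" else [rec.get("columns", {})]
        for row in rows:
            docs.append({**base, "columns": dict(row)})
    return docs

ALLOWED_PORTS = {"22", "80", "443"}  # constructed baseline for the example

def alerts(docs):
    """Two simple rules over the flattened docs: new unexpected listener, new uid-0 user."""
    out = []
    for d in docs:
        c = d["columns"]
        if d["query"] == "listening_ports" and d["action"] == "added" \
                and c.get("port") not in ALLOWED_PORTS:
            out.append(("new_listener", d["host"], c.get("port"), c.get("path")))
        if d["query"] == "local_users" and d["action"] == "added" and c.get("uid") == "0":
            out.append(("new_root_user", d["host"], c.get("username"), None))
    return out

# Constructed sample of osqueryd.results.log (same field layout as the real file).
SAMPLE_LOG = """
{"name":"listening_ports","hostIdentifier":"web01","calendarTime":"Mon Jan  1 00:00:00 2024 UTC","unixTime":1704067200,"epoch":0,"counter":1,"numerics":false,"decorations":{"host_uuid":"4C4C4544-0042"},"columns":{"port":"4444","protocol":"6","address":"0.0.0.0","name":"nc","path":"/tmp/nc","pid":"31337"},"action":"added"}
{"name":"listening_ports","hostIdentifier":"web01","calendarTime":"Mon Jan  1 00:00:00 2024 UTC","unixTime":1704067200,"epoch":0,"counter":1,"numerics":false,"decorations":{"host_uuid":"4C4C4544-0042"},"columns":{"port":"443","protocol":"6","address":"0.0.0.0","name":"nginx","path":"/usr/sbin/nginx","pid":"812"},"action":"added"}
{"name":"local_users","hostIdentifier":"web01","calendarTime":"Mon Jan  1 01:00:00 2024 UTC","unixTime":1704070800,"epoch":0,"counter":2,"numerics":false,"decorations":{"host_uuid":"4C4C4544-0042"},"columns":{"uid":"0","gid":"0","username":"backup2","shell":"/bin/bash","directory":"/root"},"action":"added"}
{"name":"crontab","hostIdentifier":"web01","calendarTime":"Mon Jan  1 01:00:00 2024 UTC","unixTime":1704070800,"epoch":0,"counter":2,"numerics":false,"decorations":{"host_uuid":"4C4C4544-0042"},"action":"snapshot","snapshot":[{"event":"","command":"/usr/bin/certbot renew","path":"/etc/cron.d/certbot"},{"event":"@reboot","command":"/tmp/.x/run.sh","path":"/var/spool/cron/crontabs/root"}]}
{"name":"local_users","hostIdentifier":"web01","calendarTime":"Mon Jan  1 02:00:00 2024 UTC","unixTime":1704074400,"epoch":0,"counter":3,"numerics":false,"decorations":{"host_uuid":"4C4C4544-0042"},"columns":{"uid":"0","gid":"0","username":"backup2","shell":"/bin/bash","directory":"/root"},"action":"removed"}
"""

if __name__ == "__main__":
    print(json.dumps(build_config(), indent=2))
    for a in alerts(to_documents(SAMPLE_LOG.splitlines())):
        print(a)
```

Differential queries only log rows that changed since the previous run, so a rule keyed on `action == "added"` fires once per change rather than every interval; snapshot queries log the whole table each time and are better suited to dashboards than to alerting. The `removed` line for `backup2` is deliberately not alerted on: it records that the account went away, which is itself useful context for the earlier `new_root_user` alert.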
