Kolide & OSQuery: How to Build Solid Queries and Packs for Detection and Threat Hunting

Channel:

SANS Institute

Subscribers:

64,000

Published on November 29, 2018 8:04:14 PM ● Video Link: https://www.youtube.com/watch?v=1yRy94rBUU8

Category:

Guide

Duration: 59:54

8,146 views

106

Learn more: https://www.sans.org/sec599

OSQuery is an amazing (free!) tool that can collect a wide variety of information from your environment. In a previous webcast, the presenters covered some OSQuery basics and demonstrated a few queries. In this next webcast, we will go a step further and introduce how Kolide can be used to manage OSQuery in an enterprise environment. They discuss some more advanced query development techniques, which can help further enrich collected data and provide crucial insights on your environment. OSQuery & Kolide are covered in-depth during the course SEC599: Defeating Advanced Adversaries: Purple Team Tactics & Kill Chain Defenses.

Other Videos By SANS Institute

2019-01-15	SANS ICS Security Summit & Training 2019
2018-12-05	Fast Forward: Reflecting on a Life of Watching Movies and a Career in Cybersecurity
2018-12-05	Part 3 – SANS Institute and Tenable talk about OT/IT convergence and security
2018-12-05	Part 1 – SANS Institute and Tenable talk about cloud security
2018-12-05	Part 2 – SANS Institute and Tenable talk about cloud security
2018-12-05	Part 3 – SANS Institute and Tenable talk about cloud security
2018-12-05	Part 1 – SANS Institute and Tenable talk about OT/IT convergence and security
2018-12-05	Part 2 – SANS Institute and Tenable talk about OT/IT convergence and security
2018-12-04	SANS STX Cyber Range
2018-11-29	SANS Webcast - Zero Trust Architecture
2018-11-29	Kolide & OSQuery: How to Build Solid Queries and Packs for Detection and Threat Hunting
2018-11-29	SANS Webcast - Consuming OSINT: Watching You Eat, Drink, and Sleep
2018-10-24	Practical Advice for Submitting to Speak at a Cybersecurity Conference
2018-10-23	How I Pulled Off an Edgy Security Campaign – SANS Security Awareness Summit 2018
2018-10-23	The Science of Security: The Psychological Impacts of Security Awareness Programs
2018-10-23	The Dark Arts of Social Engineering – SANS Security Awareness Summit 2018
2018-10-15	SANS Webcast - YARA - Effectively using and generating rules
2018-10-15	SANS Webcast - Trust No One: Introducing SEC530: Defensible Security Architecture
2018-10-15	SANS Webcast - Perimeter Security and Why it is Obsolete
2018-10-05	Apples and Oranges?: A CompariSIEM – SANS Security Operations Summit 2018
2018-09-25	Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework

Tags:

sans institute

cybersecurity training

cyber security training

Purple Team

OSQuery

Threat Hunting

GDAT

SANS SEC599

threat hunting

kolide

Channel	Latest
RoninRevil	6 hours ago
Wos	6 hours ago
MOMOKO YODA	6 hours ago
iGuti89	6 hours ago
Pierro_fps	6 hours ago
Dragomazing	7 hours ago
Sport Piceno Game	7 hours ago
Thích Violin	7 hours ago
Der Mikeintosh	7 hours ago
UltimateNyde	7 hours ago
Nexific	7 hours ago
KevGaming87	7 hours ago
Liban Ali	7 hours ago
Reborn Project	7 hours ago
Mokka Commentry	7 hours ago
CARBON	7 hours ago
SkyWhait	7 hours ago
Lostgamerrus	8 hours ago
Crouch Gaming	8 hours ago
RayThaGawd	8 hours ago
Schannel	8 hours ago
la cueva de lobo	8 hours ago
Geezax	8 hours ago
Nubo BIT	8 hours ago
Inter	8 hours ago