System Monitoring and Detections Using 'osquery'
'osquery' is an open-source tool that lets you audit an operating system and its configuration as if it were an SQL-based relational database. It does so by exposing the OS and representing its abstract concepts (e.g. processes, open sockets, kernel modules) as a set of SQL tables. It was developed by Facebook and later open-sourced so the community could take part in its development. It is cross-platform, with support for major operating systems such as Windows, macOS, and Linux....
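To make the "OS as tables" model concrete, here is an added example query (not from the original article) that joins two of osquery's built-in tables, `processes` and `listening_ports`, to list every process that is currently accepting network connections; it can be run interactively in `osqueryi` or scheduled in `osqueryd` as a monitoring query.

```sql
-- List every process that holds a listening network socket.
-- 'processes' exposes running processes; 'listening_ports' exposes
-- bound sockets. Both carry a 'pid' column, which is the join key.
SELECT
    p.pid,
    p.name,
    p.path,                 -- on-disk binary backing the process
    p.cmdline,
    lp.address,             -- bound address (0.0.0.0 / :: means all interfaces)
    lp.port,
    CASE lp.protocol        -- protocol is stored as the IP protocol number
        WHEN 6  THEN 'tcp'
        WHEN 17 THEN 'udp'
        ELSE CAST(lp.protocol AS TEXT)
    END AS protocol
FROM listening_ports AS lp
JOIN processes AS p USING (pid)
WHERE lp.port != 0          -- skip unbound / ephemeral entries
ORDER BY lp.port;
```

Scheduling this in `osqueryd` with differential logging turns it into a detection: each run reports only rows that appeared or disappeared since the last snapshot, so a newly listening process shows up as an "added" row in the results log.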