OSQuery - AndyAP7/SEC350 GitHub Wiki

What is OSQuery?

  • osquery is an endpoint monitoring tool that exposes operating-system state (processes, users, listening ports, installed packages, and so on) as SQL tables, so you can inspect and analyze a host by querying it as if it were a relational database.

Installation

  • export OSQUERY_KEY=1484120AC4E9F8A1A577AEEE97A80C63C9D8B80B
  • sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys $OSQUERY_KEY
  • sudo add-apt-repository 'deb [arch=amd64] https://pkg.osquery.io/deb deb main'
  • sudo apt-get update -y
  • sudo apt-get install osquery
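The five steps above, wrapped into one guarded script as an added example (this is not the wiki author's script). The key fingerprint and repository line are the page's own; the function names and the `--install` argument are this example's choices. Before touching apt it checks that the host architecture matches the `[arch=amd64]` pin in the repository line and that the fingerprint is a well-formed 40-hex-digit value, skips the install when osquery is already present, and finishes with a query against the `osquery_info` table, which also illustrates the "host as a database" idea from the first section.

```shell
#!/bin/sh
# Added example: guarded wrapper around the wiki's osquery install steps for
# Debian/Ubuntu. Not the page author's script. The fingerprint and repo line
# are from the page; deb_arch_for, valid_fingerprint, repo_arch and the
# --install flag are this example's own.

OSQUERY_KEY=1484120AC4E9F8A1A577AEEE97A80C63C9D8B80B
OSQUERY_REPO='deb [arch=amd64] https://pkg.osquery.io/deb deb main'

# Map a `uname -m` machine name to the Debian architecture name.
# Anything else is refused rather than letting apt silently find no package.
deb_arch_for() {
    case "$1" in
        x86_64)  echo amd64 ;;
        aarch64) echo arm64 ;;
        *)       echo "unsupported machine: $1" >&2; return 1 ;;
    esac
}

# A PGP v4 fingerprint is exactly 40 hex digits; reject a truncated or
# mangled value before it is handed to apt-key, since a wrong fingerprint
# would fetch and trust a different key.
valid_fingerprint() {
    printf '%s' "$1" | grep -Eq '^[0-9A-Fa-f]{40}$'
}

# Architecture served by a sources.list line, parsed from the [arch=...]
# field so the host check stays in sync if the line is edited.
repo_arch() {
    printf '%s\n' "$1" | sed -n 's/.*\[arch=\([a-z0-9]*\)\].*/\1/p'
}

install_osquery() {
    host_arch=$(deb_arch_for "$(uname -m)") || return 1
    want_arch=$(repo_arch "$OSQUERY_REPO")
    if [ "$host_arch" != "$want_arch" ]; then
        echo "repo serves $want_arch but this host is $host_arch" >&2
        return 1
    fi
    valid_fingerprint "$OSQUERY_KEY" || { echo "bad key fingerprint" >&2; return 1; }
    if command -v osqueryi >/dev/null 2>&1; then
        echo "osquery already installed: $(osqueryi --version)"
        return 0
    fi
    # add-apt-repository ships in software-properties-common on Ubuntu.
    command -v add-apt-repository >/dev/null 2>&1 || \
        sudo apt-get install -y software-properties-common
    # The page's steps, unchanged.
    sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys "$OSQUERY_KEY"
    sudo add-apt-repository "$OSQUERY_REPO"
    sudo apt-get update -y
    sudo apt-get install -y osquery
    # Smoke test: osquery_info is a table describing the running osquery itself.
    osqueryi --json 'SELECT version FROM osquery_info;'
}

# Only install when asked explicitly, so sourcing the file for its helper
# functions never touches apt.
if [ "${1:-}" = "--install" ]; then
    install_osquery
fi
```

Run it as `sh install_osquery.sh --install`. One caveat for current releases: `apt-key` is deprecated on recent Debian and Ubuntu, so the key step in the page's procedure will need to be replaced by dropping the key under `/etc/apt/keyrings/` and referencing it with `signed-by=` in the repository line; the architecture and fingerprint checks above carry over unchanged.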

Issues and Troubleshooting

  • Integrating with Wazuh