Project 1: OS Query Guide & Notes
- Explain OSQuery from a high level
- Install OSQuery [Linux &OR Windows]
- Intergrate OSQuery and Wazuh
- Demonstrate live intergration between Wazuh and OSQuery
- Pros & Cons of Tool Intergration
Installing OSQuery on Web01
| System |
Command |
Purpose / image |
| [FW01](configure) |
delete firewall name DMZ-to-WAN rule 999 disable |
|
| [WEB01](cli) |
yum install yum-utils |
|
| [WEB01](cli) |
curl -L https://pkg.osquery.io/rpm/GPG | sudo tee /etc/pki/rpm-gpg/RPM-GPG-KEY-osquery |
|
| [WEB01](cli) |
sudo yum-config-manager --add-repo https://pkg.osquery.io/rpm/osquery-s3-rpm.repo |
|
| [WEB01](cli) |
sudo yum-config-manager --enable osquery-s3-rpm-repo |
|
| [WEB01](cli) |
sudo yum install osquery |
|
| [FW01](configure) |
set firewall name DMZ-to-WAN rule 999 disable |
|
| [WEB01](cli) |
sudo cp /opt/osquery/share/osquery/osquery.example.conf /etc/osquery.conf |
|
| [WEB01](cli) |
sudo systemctl start osqueryd |
|
| [WEB01](cli) |
sudo systemctl status osqueryd |
|
Accessing OSQuery interface
| System |
Command |
Purpose / image |
|
osqueryi --verbose |
|
|
Select Distinct |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- https://osquery.io/downloads/official/5.15.0
- https://osquery.readthedocs.io/en/stable/installation/install-linux/