gatewaynode
Gatewaynode

Gatewaynode

Why do I like OSQuery?

gatewaynode's photo
gatewaynode
·Nov 6, 2022·

1 min read

Mainly because it let's me leverage my knowledge of SQL to dig through various boxes without having to learn hundreds of tools or archaic API's to get the job done. Nowhere has this been more obvious than in security response, where hunting for Indicators Of Compromise is normally a very tough challenge, but with OSQuery is relatively easy. Especially when you have well authored query tool kits like these:

OSQuery Defense Kit

 
Share this