![osquery kolide osquery kolide](https://kifarunix.com/wp-content/uploads/2019/08/kolide-new-host.png)
- A release of CCleaner.exe was packaged with a malicious backdoor.
- Multiple RCE vulnerabilities were discovered in dnsmasq, a widely and commonly used application.

Each of these incidents required the capability to ask a series of “questions” to the entirety of a fleet in order to identify impacted systems.

Case study: dnsmasq vulnerabilities

After Google’s security team published their blog detailing the numerous vulnerabilities with dnsmasq, our InfoSec team spun up an effort to remove dnsmasq wherever it was installed and upgrade dnsmasq to the patched version wherever it was still required.
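The “ask the fleet a question” step in the dnsmasq case maps directly onto osquery SQL. The following is an added example, not code from the original post or from the Kolide project: it uses osquery's own `deb_packages`, `rpm_packages` and `processes` tables (these exist in osquery) to find hosts that have dnsmasq installed, hosts on which it is running, and hosts still on an unpatched build. The patched version string is a placeholder, since the page does not state it; substitute the version from the advisory you are acting on. Run the queries as a distributed query from Fleet or locally with `osqueryi`.

```sql
-- Added example (not from the original post): osquery SQL for the
-- fleet-wide "which hosts are impacted?" question in the dnsmasq case.
-- Tables deb_packages, rpm_packages and processes are osquery's own.

-- 1. Which hosts have dnsmasq installed, and at what version?
--    Covers both Debian/Ubuntu and RPM-based hosts in one result set.
SELECT 'deb' AS pkg_type, name, version
  FROM deb_packages
 WHERE name LIKE 'dnsmasq%'
UNION ALL
SELECT 'rpm' AS pkg_type, name, version || '-' || release AS version
  FROM rpm_packages
 WHERE name LIKE 'dnsmasq%';

-- 2. Is dnsmasq actually running? Separates "remove it" targets
--    (installed but unused) from "upgrade it" targets (in service).
SELECT pid, name, path, cmdline, uid
  FROM processes
 WHERE name = 'dnsmasq' OR cmdline LIKE '%dnsmasq%';

-- 3. Hosts still on an unpatched build. Plain string comparison does not
--    order package versions correctly, so compare against an explicit
--    list of known-good versions rather than using '<'.
--    'PATCHED_VERSION_PLACEHOLDER' is a placeholder (assumption).
SELECT name, version
  FROM deb_packages
 WHERE name = 'dnsmasq'
   AND version NOT IN ('PATCHED_VERSION_PLACEHOLDER');
```

Query 1 answers the scoping question, query 2 tells the responder whether a host needs an upgrade or only a removal, and query 3 is the follow-up check that confirms the remediation actually landed fleet-wide. Keeping the known-good versions in an explicit list avoids the false negatives that lexical version comparison produces (for example `2.9` sorting after `2.78`).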
![osquery kolide osquery kolide](https://knowledge.sakura.ad.jp/images/2019/07/osquery-with-fleet-slide_2019-07-08-15-27-28.png)
While endpoint detection and protection tools can provide some lift out-of-the-box, deep insight and analysis of security-relevant events is crucial to detecting advanced threats. Incident detection and response across thousands of hosts requires a deep understanding of actions and behavior across users, applications, and devices. Every effective Incident Response team needs the ability to “ask a question” to a single or multiple hosts in the fleet and receive timely and accurate answers.