by jeremymcanally 3322 days ago
Definitely. And you could write queries for the various indicators/files/etc., too (or use the built-in YARA support and grab the rules from US-CERT).

I just started working at Kolide (http://kolide.com) a couple weeks ago where we're building a whole product on top of osquery. I'm constantly surprised by "can it do (x)" and the answer is almost always yes. It's pretty solid!
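As an added illustration of the two approaches the comment mentions (querying for file indicators, and using osquery's built-in YARA table), here is example osquery SQL that is not from the commenter or from Kolide; it assumes osquery's `file`, `hash` and `yara` tables, a rule file at `/var/osquery/rules/ioc.yar` (placeholder path), and constructed placeholder hashes.

```sql
-- Added example, not from the original comment. Assumes osquery's built-in
-- file, hash and yara tables and a rule file at /var/osquery/rules/ioc.yar
-- (placeholder path). The SHA-256 values below are constructed placeholders,
-- not real indicators; substitute the hashes from the advisory you are using.

-- 1. Hash-based indicator sweep: hash every regular file under /tmp and keep
--    only those whose SHA-256 matches a known-bad value.
SELECT f.path, h.sha256
FROM file AS f
JOIN hash AS h ON h.path = f.path
WHERE f.directory = '/tmp'
  AND f.type = 'regular'
  AND h.sha256 IN (
    '0000000000000000000000000000000000000000000000000000000000000001',  -- placeholder
    '0000000000000000000000000000000000000000000000000000000000000002'   -- placeholder
  );

-- 2. YARA-based sweep over the same directory: the yara table needs a path
--    (or sig_group) constraint, so feed it paths from the file table and
--    report only files with at least one rule match.
SELECT y.path, y.matches, y.count
FROM yara AS y
WHERE y.path IN (SELECT path FROM file WHERE directory = '/tmp' AND type = 'regular')
  AND y.sigfile = '/var/osquery/rules/ioc.yar'
  AND y.count > 0;
```

Both queries can be run ad hoc in osqueryi or scheduled in an osquery pack so that matches are logged for the detection pipeline rather than checked by hand.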