  • niels
    2 years ago
    Hi! A startup is looking at implementing security monitoring (baseline/settings, endpoint protection) for their Windows+macOS machines. Is anyone doing this solely using OSS products? e.g. I see that Kolide Fleet + Wazuh is an option, but curious how others are using osquery for this purpose.
  • seph
    2 years ago
    There are folks doing that with open source. I know a bit about the Fleet installs. I'm less familiar with other OSS products.
  • niels
    2 years ago
    @seph I loved the Kolide approach, but I missed vulnerability scanning.
  • seph
    2 years ago
    Thanks! Not everything is going to be the right thing for everyone.
  • niels
    2 years ago
    Well it worked very well, just so you know. 🙂 I suppose vulnerability detection can be easily implemented on your SaaS backend since you can extract any installed apps & OS, just need to import the NVD.
  • seph
    2 years ago
    For broader ecosystem things... there are both commercial and OSS offerings, as well as rolling your own. As always, I think the trade-offs are in your time.
    Glad it worked well!
  • niels
    2 years ago
    Yeah, I proposed osquery/Fleet/Wazuh, but they don’t have that time to invest in it, so looking at commercial offerings now. Not having an MDM also makes it harder.
  • seph
    2 years ago
    I think we have some blog posts somewhere, but I think there's more bang per buck in fixing basic security issues than in tracking NVD. But it's obviously a lot of belt and suspenders.
  • Jason W
    2 years ago
    FYI, Uptycs is a commercial osquery fleet manager that does vulnerability scanning with osquery.
    Not cheap, but appears to be very good (I have not used it personally).
  • defensivedepth
    2 years ago
    So the next major version of Security Onion (code named Hybrid Hunter) includes full integration of Zeek / Suricata / Kolide Fleet + Launcher / Wazuh / Elastic Stack / TheHive / Sigma (through Playbook) - 100% open source - Beta 3 dropped today. https://blog.securityonion.net/2020/06/security-onion-hybrid-hunter-140-beta-3.html
    So the next major version of Security Onion (code named Hybrid Hunter) includes full integration of Zeek / Suricata / Kolide Fleet + Launcher / Wazuh / Elastic Stack / TheHive / Sigma (through Playbook) - 100% open source - Beta 3 dropped today. https://blog.securityonion.net/2020/06/security-onion-hybrid-hunter-140-beta-3.html