NorthSec 2022

Fleet and osquery - open source device visibility
2022-05-19, 13:00–15:30, Salle de bal

Fleet is an open source management system for osquery, the cross-platform agent that allows you to ask anything of your endpoints, from laptops to servers and containers.


In this workshop we will:

  1. Install Fleet and deploy osquery to endpoints
  2. Use Fleet and osquery to identify the software, users, and configurations of endpoints (identify!)
  3. Use Fleet to define security policies we want our endpoints to comply with (protect!)
  4. Simulate different techniques based on MITRE ATT&CK, for tactics such as persistence, and then see how they can be detected with Fleet.
  5. Integrate Fleet with other software, such as The Hive Project and Slack or email, to trigger workflows based on different scenarios.

What is the language of your talk/workshop?

English

Guillaume is Head of Security at Fleet Device Management, the company behind the open source Fleet management platform for managing and using osquery. While he prefers working in startups, he’s been working in security forever in organizations of all types, and prefers looking at the bright side of things and things that WORK instead of repeating 30-year-old « best practices » that never have!