Using osquery for Audits and compliance - Windows

Regular audit of cyber telemetry is not only required as part of various compliance checks (PCI-DSS, HIPAA, GDPR etc.), it is an equally important aspect of maintaining cyber hygiene and can prevent plenty of breaches. As the famous adage goes, 'prevention is better than cure'. With the latest breach on the DNS infrastructure, the US government has also advised on the importance of audits.

But then comes the question of the RoI of regular audits and of setting up practices around them. For one, it needs procurement of the relevant tools and then a bevy of experts to generate reports, neither of which is easy or cheap.

For most security-based audits, the following activities on a device need to be monitored regularly:

1) File activity (File Integrity Monitoring) - Define a set of files (and folders) on which all write/modify/delete actions are tracked.
2) Process activity - Record the launch of every process, so that launches can then be matched against suspicious-activity rules.
3) Networking activity - Record all inbound/outbound connection activity and (as mentioned above) DNS lookups and resolutions, HTTP requests, and so on.
4) Removable media activity - Record USB inserts.
5) Health check monitoring of the security software on the device.
6) Regular monitoring of application and system logs.

When it comes to audit reports for endpoint devices, the sheer volume of data they generate compounds the problem. With agents like osquery, this problem gets addressed to quite an extent. First, it is a community-built agent and therefore 'free'. Second, its secret sauce is that it collects data in the form of structured SQL tables, which makes the audit process much easier. Unfortunately, osquery doesn't provide a great deal of support for audits on the Windows operating system.
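The six activities above, mapped onto osquery tables that exist on Windows and followed by a triage pass over the results log osqueryd writes, as an added example that is not code from the original post or from the osquery project. The table and column names (ntfs_journal_events, processes, process_open_sockets, dns_cache, registry, services, windows_events) and the two publisher flags are taken from osquery's schema and Windows FIM/event-log documentation as the editor recalls them; check them against `osqueryi --help` and `.schema` on your installed version. Two of the gaps the post alludes to show up directly: Windows has no usb_devices table, so USB inserts are inferred from new USBSTOR enumeration keys in the registry table, and file_events is replaced by the NTFS journal table. The rule set, the host name WKS-0042 and every log line are constructed for illustration.

```python
"""Added example (not from the original post): a Windows osquery schedule for
the six audit activities, plus a triage pass over osqueryd's results log.
Table/column names are from the osquery schema; rules and sample log lines are
constructed for illustration."""
import json
import re
from typing import Iterable

# One scheduled query per activity; intervals are seconds.  Differential queries
# report each new row once with action "added" (and "removed" when it vanishes),
# which is what makes "record the launch" cheap to audit.
SCHEDULE = {
    # 1) File integrity: evented NTFS journal table, scoped by "file_paths" below.
    "fim_ntfs_journal": {
        "query": "SELECT action, path, old_path, time FROM ntfs_journal_events;",
        "interval": 60},
    # 2) Process launches: each new pid appears once as an "added" row.
    "process_launch": {
        "query": "SELECT pid, parent, name, path, cmdline, start_time FROM processes;",
        "interval": 30},
    # 3) Network: sockets joined to their owning process, plus the resolver cache.
    "network_sockets": {
        "query": "SELECT p.name, p.pid, s.remote_address, s.remote_port, s.protocol "
                 "FROM process_open_sockets s JOIN processes p ON s.pid = p.pid "
                 "WHERE s.remote_port != 0;",
        "interval": 60},
    "dns_cache": {"query": "SELECT name, type FROM dns_cache;", "interval": 60},
    # 4) Removable media: a USBSTOR enumeration key is created the first time a
    #    mass-storage device is plugged in, so new devices surface as "added" rows.
    "usb_storage": {
        "query": "SELECT key, name, mtime FROM registry WHERE key LIKE "
                 "'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Enum\\USBSTOR\\%';",
        "interval": 60},
    # 5) Security-software health: Defender, firewall and Defender for Endpoint
    #    services; a status change shows up as a new row.
    "security_health": {
        "query": "SELECT name, status, start_type FROM services "
                 "WHERE name IN ('WinDefend', 'MpsSvc', 'Sense');",
        "interval": 300},
    # 6) System/application logs: evented Windows event-log table.
    "event_logs": {
        "query": "SELECT time, source, provider_name, eventid, level, data FROM windows_events;",
        "interval": 60},
}


def build_config() -> dict:
    """Return a complete osquery.conf document (serialise with json.dumps)."""
    return {
        "options": {  # publishers behind (1) and (6); off by default on Windows
            "enable_ntfs_event_publisher": "true",
            "enable_windows_events_publisher": "true",
            "windows_event_channels": "System,Application,Security",
        },
        "schedule": SCHEDULE,
        "file_paths": {  # FIM scope for ntfs_journal_events; %% recurses
            "system32": ["C:\\Windows\\System32\\%%"],
            "startup": ["C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\%%"],
        },
    }


# Constructed rules (hypothetical): query name -> [(rule id, predicate on columns)].
RULES = {
    "process_launch": [
        ("encoded_powershell", lambda c: c["name"].lower() == "powershell.exe"
         and re.search(r"\s-e(nc|ncodedcommand)?\s", c["cmdline"], re.I) is not None),
        ("exec_from_temp", lambda c: "\\appdata\\local\\temp\\" in c["path"].lower()),
    ],
    "usb_storage": [("usb_mass_storage_seen", lambda c: True)],
    "security_health": [("defender_not_running",
                         lambda c: c["name"] == "WinDefend" and c["status"] != "RUNNING")],
}


def triage(log_lines: Iterable[str]) -> list:
    """Match "added" rows of osqueryd's results log (one JSON object per line) against RULES."""
    findings = []
    for line in log_lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("action") != "added":  # "removed" rows are exits/unplugs, not launches
            continue
        cols = ev.get("columns", {})
        for rule_id, pred in RULES.get(ev.get("name"), []):
            if pred(cols):
                findings.append({"rule": rule_id, "host": ev.get("hostIdentifier"),
                                 "time": ev.get("unixTime"), "columns": cols})
    return findings


def _row(query, action, **cols):  # builds one constructed results-log line
    return json.dumps({"name": query, "hostIdentifier": "WKS-0042", "unixTime": "1700000000",
                       "action": action, "columns": cols})


# Constructed sample of the results log: two launches, one exit, a USB insert, Defender stopped.
SAMPLE_RESULTS_LOG = "\n".join([
    _row("process_launch", "added", pid="4412", parent="3380", name="powershell.exe",
         path="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
         cmdline="powershell.exe -nop -w hidden -enc SQBFAFgA", start_time="1699999990"),
    _row("process_launch", "added", pid="5120", parent="1234", name="updater.exe",
         path="C:\\Users\\alice\\AppData\\Local\\Temp\\updater.exe", cmdline="updater.exe",
         start_time="1699999995"),
    _row("process_launch", "removed", pid="2200", parent="3380", name="notepad.exe",
         path="C:\\Windows\\System32\\notepad.exe", cmdline="notepad.exe", start_time="1699999000"),
    _row("usb_storage", "added", mtime="1700000000", name="4C530001234567890123&0",
         key="HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Enum\\USBSTOR\\Disk&Ven_SanDisk&Prod_Cruzer&Rev_1.00"),
    _row("security_health", "added", name="WinDefend", status="STOPPED", start_type="AUTO_START"),
])

if __name__ == "__main__":
    print(json.dumps(build_config(), indent=2))  # redirect to osquery.conf
    for f in triage(SAMPLE_RESULTS_LOG.splitlines()):
        print(f["rule"], f["host"], f["columns"].get("name") or f["columns"].get("key"))
```

Run it once to emit osquery.conf and point osqueryd at it with `--config_path`; the triage function is then fed the lines of osqueryd's results log (`osqueryd.results.log` under the configured log directory) rather than the constructed sample. The regex for encoded PowerShell and the Temp-directory check are deliberately simple; in practice the rule set is where the audit effort goes, and the value osquery adds is that every rule operates on the same structured columns regardless of which of the six activities produced the row.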