[Bro-Dev] osquery integration

Seth Hall seth at icir.org
Wed Feb 4 06:57:41 PST 2015


> On Feb 3, 2015, at 6:23 PM, Robin Sommer <robin at icir.org> wrote:
> 
> Out of a discussion with Seth and Vlad this morning, I put together a
> project description for integrating Bro with osquery as a host-based
> sensor, using Broker for communication.
> 
>    https://www.bro.org/development/projects/osquery.html

That’s a really nice summary.  Thanks!

Also, I spent a bit of time digging through the osquery source yesterday, and it looks like it’s possible with the API they expose to submit new queries into osqueryd dynamically, so that we could just start up osqueryd and Bro would send over all of the queries that we would like the host to run.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/



