Facebook now allows Windows admin to run Threat detection tool, OSQUERY
Facebook announced that it has successfully ported its SQL-powered detection tool, OSQUERY to its Windows version. The open source, which debuted in 2014, was available only on Mac OS X and Linux environments such as Ubuntu or CentOS.
Created by Facebook, osquery is an open-source framework that converts operating systems to relational databases, which allows users to write SQL-based queries and look for potential malware or malicious activity on their organization’s networks.
Companies can use the program for a variety of system maintenance and security functions, such as verifying that a system is running the latest versions of software, monitoring and auditing who accesses a particular file and searching for specific active processes that might indicate malware.
Osquery developer kit for Windows was developed by Facebook with the help of the security firm Trail of Bits. The release of the software across all platforms means that companies could use a single agent to keep a watch on all their systems.
“Since osquery is cross platform, network administrators will be able to monitor complex operating system states across their entire infrastructure,” Artem Dinaburg, one of the developers said, “For those already running an osquery deployment, they’ll be able to seamlessly integrate their Windows machines, allowing for far greater efficiency in their work.”
Nick Anderson, a security engineer at Facebook who announced the news on Tuesday, said the security team uses the framework to collect information on a regular basis on browser extensions used on its corporate network. The tool makes it simpler for them to identify and remove malicious extensions.
“As adoption for osquery grew, a strong and active community emerged in support of a more open approach to security,” Anderson wrote, “We saw the long-held misconception of ‘security by obscurity’ fall away as people started sharing tooling and experiences with other members of the community. Our initial release of osquery was supported for Linux and OS X, but the community was also excited for a Windows version — so we set out to build it.”
Now, that the tool runs on all major desktop configurations, it should make it much simpler for network administrators to monitor systems, Dan Guido, Trail of Bits’ CEO, said Tuesday.
“Enterprises want to move to a single agent per machine, and the most flexible and customizable agent is going to be the way to go,” he said. “Osquery is open source, so it can be audited and customized to specific environments. For example, do you want your agent to check the status of an industrial device attached to the controller machine? You can modify Osquery to do that.”
To get started with the OSquery developer kit for Windows, check this official documentation, the development environment, and a single script. The build is easy to install, and you can start coding right away.
Check out the full documentation of the development process of the OSquery developer kit for Windows on the blog post by Trail of Bits.