Gathering software inventory is an important part of security and systems management. There’s a good reason software inventory is No. Software inventory can be easier said than done, as there are more and more sources for software on our workstations and servers. Regular applications, app stores, browser extensions, third-party package managers: getting a thorough understanding of what is installed requires looking at many different sources of information.

Once you know the tables osquery has for software inventory, you will be able to automate the collection of that data, so it is always available to you. Next time you hear about a critical vulnerability on a Chrome extension, or you notice malware targeting a specific version of a PDF reader in your environment, you’ll be able to instantly see which assets are at risk.

Below you'll find multiple tables available in osquery that will allow you to manage software inventory, from the standard package management software packages to browser extensions and much more.

Tables to gather inventory from first-party package managers and built-in OS application installs:

- `portage_packages`: Portage packages (Gentoo).
- `programs`: Applications installed on Windows, typically shown in “Add/Remove Programs”.
- rpm packages (RedHat, CentOS, etc.)

Browser extension and plugin-related tables:

- `browser_plugins`: All C/NPAPI browser plugin details for all users.
- `chrome_extensions`: Chrome extensions, which can be supplemented with `chrome_extensions_content_scripts` to see the actual content scripts in those extensions.
- `firefox_addons`: Firefox extensions, web apps, and add-ons.
- `ie_extensions`: Internet Explorer extensions.

Tables related to common third-party package managers:

- `chocolatey_packages`: All packages installed using the Windows package manager Chocolatey (similar to Homebrew on Mac).
- `homebrew_packages`: Homebrew packages, which are super popular on Mac and need to be tracked if we want to be able to deal with vulnerabilities.
- `npm_packages`: Packages installed using the popular Node package manager npm.
- `atom_packages`: Atom (the text editor) packages installed.
- `python_packages`: Python packages, such as those installed with PyPI, the Python package manager.
- `docker_containers` and `docker_images`: Information about running containers and their images.

For each of these tables you find valuable, you will need to select information.

For example, here’s how you gather the name and version of Debian packages:

```sql
SELECT name, version FROM deb_packages;
```

And here’s how you can track the package repositories on a Debian/Ubuntu system:

```sql
SELECT source, base_uri, release, version, maintainer, components, architectures FROM apt_sources;
```

Knowing which software repositories are configured also allows you to detect unauthorized repositories.

Some of these tables report per-user data. You will find this common with browser-related tables, such as the `firefox_addons` table.