登录
下载
技能 编程开发 Osquery 端点监控部署指南

Osquery 端点监控部署指南

v20260317
implementing-osquery-for-endpoint-monitoring
自动部署 osquery 定时查询,持续监控端点的进程、网络监听、文件完整性与持久化机制,生成配置与差异日志,分析异常并输出安全调查报告。
端点监控 Osquery 安全运营 进程监控 网络安全 文件完整性 持久化
获取技能
291 次下载
概览

Instructions

  1. Install dependencies: pip install requests (osquery installed on endpoints)
  2. Generate osquery.conf with scheduled query packs for:
    • Process monitoring: new processes, unusual parent-child relationships
    • Network listeners: unexpected listening ports and outbound connections
    • File integrity: modifications in /etc, /usr/bin, system32
    • Persistence: cron jobs, startup items, scheduled tasks, services
  3. Deploy configuration to endpoints.
  4. Analyze differential results from osquery log output.
  5. Generate security findings report.
python scripts/agent.py --results-dir /var/log/osquery/results/ --output osquery_report.json

Examples

Osquery Scheduled Query

{"schedule": {"process_snapshot": {"query": "SELECT pid, name, path, cmdline, uid FROM processes WHERE on_disk = 0;", "interval": 300}}}
信息
Category 编程开发
Name implementing-osquery-for-endpoint-monitoring
版本 v20260317
大小 8.51KB
Source mukul975/Anthropic-Cybersecurity-Skills
更新时间 2026-03-18
语言
简体中文
English