![]() ![]() However, a 'manual' label is populated manually without the execution of a label query, so it is meaningless to return label queries for a manual label. This are the logs I see from nginx as a proxy (fleet doesn't seem to show any logs at that point): Experience building detections on Linux systems using auditd, osquery etc. The only problem I still have left is that running live queries doesn't seem to work from the interface in any shape or form. Proficient in programming in Python and/or Golang. ![]() The lack of critical vulnerabilities and the overall project maturity leaves us confident in osquery’s security posture and we believe the balance between risk and benefit holds in this instance.Hi! I followed Rodriguez advice earlier and for most of it, fleet on kubernetes seems to work. Since most of these findings require significant rework of the code, this will likely be a long-running effort. Overall, we believe we have identified several areas for improvement and will work with the osquery project maintainers and Trail of Bits to address these findings. If you’re interested in a high-level description of the findings, the overall take was that they did not uncover any serious vulnerabilities, but found several improvements necessary to mitigate exploitation of future vulnerabilities through hardening such as sandboxing or leveraging process isolation and inter-process communication techniques. osquery is an operating system instrumentation framework for Windows, OS X (macOS), and Linux. Without further ado, here is the full review performed by Trail of Bits on osquery: ToB_Atlassian_osquery_Final_Report-2022-01.pdf With a reputation for high quality security reviews they share publicly, they were the right partner for us to perform this review and share it with the public as a contribution to the open source community. Rather than stumble around unfamiliar territory we decided to engage well-known cybersecurity research and consulting firm Trail of Bits who already partner with Atlassian on osquery feature development. Here at Atlassian our security team has extensive knowledge and experience in Java, NodeJS, Python, Golang and a few others, but we have very little expertise in C++ which is osquery’s main language. One way to reduce risk is by performing a security assessment to improve our confidence in the software we use. At Atlassian we believe in weighing the potential risks against the benefits and this is doubly true for software such as osquery which is deployed on nearly every workstation and server across our organisation. Changing how you search for information, osquery makes your operating system monitoring routine easier. With any piece of software also comes risk, as it increases the attack surface available to an adversary. Osquery is available on Mac OS X, Windows, and on many popular Linux distributions. As such, it is critical to both our detection & incident response teams in keeping Atlassian and its customers secure. At Atlassian, we use osquery extensively in nearly all of our infrastructure to monitor hosts for potentially malicious activity as well as aid in investigations should an incident occur. Osquery is an open source tool that monitors systems and exposes their configuration through SQL tables. ![]()
0 Comments
Leave a Reply. |