Fleet and osquery - open source device visibility

Fleet is an open source management system for osquery, the cross-platform agent that allows you to ask anything of your endpoints, from laptops to servers and containers.

In this workshop we will:

  1. Install Fleet and deploy osquery to endpoints
  2. Use Fleet and osquery to identify the software, users, and configurations of endpoints (identify!)
  3. Use Fleet to define security policies we want our endpoints to comply with (protect!)
  4. Simulate different techniques based on MITRE ATT&CK, for tactics such as persistence, and then see how they can be detected with Fleet (detect!)
  5. Integrate Fleet with other software, such as The Hive Project and Slack or email, to trigger workflows based on different scenarios

Pre-requisites/assumed knowledge:

Familiarity with virtualization tools and Linux or macOS

Participants should prepare by bringing the following equipment:

A laptop with a Linux VM with Docker to run Fleet, and enough capacity to run a few other VMs as clients. We recommend that participants bring at least 4 VMs in total:

  1. 1 Linux VM to use as the server
  2. 1 Linux VM to use as a client
  3. 2 other VMs of your choice (macOS, Windows, Linux)