Fleet is an open source management system for osquery, the cross-platform agent that allows you to ask anything of your endpoints, from laptops to servers and containers.
In this workshop we will:
- Install Fleet and deploy osquery to endpoints
- Use Fleet and osquery to identify the software, users, and configurations of endpoints (identify!)
- Use Fleet to define security policies we want our endpoints to comply with (protect!)
- Simulate different techniques based on MITRE ATT&CK, for tactics such as persistence, and then see how they can be detected with Fleet.
- Integrate Fleet with other software, such as TheHive Project and Slack or email, to trigger workflows based on different scenarios.
Prerequisites/assumed knowledge:
Familiarity with virtualization tools and Linux or macOS
Participants should prepare by bringing:
A laptop with a Linux VM with Docker to run Fleet, and enough capacity to run a few other VMs as clients. We recommend that participants bring at least 4 VMs in total:
- 1 Linux VM to use as the server
- 1 Linux VM to use as a client
- 2 other VMs of your choice (macOS, Windows, Linux)