It’s been an awesome year for the Fleet project. I’ve had the chance to work with organizations such as Bloomberg, Security Onion, Secureframe, and more to make some major improvements to Fleet. With 3.0, users have been successfully scaling into deployments in the tens of thousands of hosts.
Development of Fleet has moved along primarily with the support of my contributions and those of our growing community. Though Kolide’s name remained on the repository, the company’s attention has moved to their User Focused Security SaaS offering.
Development of Fleet is moving to github.com/fleetdm/fleet. Kolide is discontinuing support for the original…
What is the state of event instrumentation with osquery on Linux today? How is the Audit framework meeting Linux visibility needs, and what are the shortcomings of the approach? What is eBPF and how will it open new opportunities for osquery instrumentation on Linux?
This talk discusses the Audit approach to Linux events with osquery, including configuration and the capabilities exposed. eBPF is introduced along with the new `bpf_process_events` and `bpf_socket_events` tables. We conclude with thoughts about the future of eBPF and osquery on Linux.
Zach is co-founder and CTO of Fleet, where he works to unlock the full potential of osquery for enterprise and open-source customers.