It’s been an awesome year for the Fleet project. I’ve had the chance to work with organizations such as Bloomberg, Security Onion, Secureframe, and more to make some major improvements to Fleet. With 3.0, users have been successfully scaling into deployments in the tens of thousands of hosts.


Development of…

Zach Wasserman shows us how to dig up Log4j on your systems using osquery (and Fleet).

Log4j is a widely used Java-based logging library that has been under active development since 1999 by The Apache Software Foundation. Security researchers have found a zero-day vulnerability, CVE-2021-44228, that is actively being exploited in the wild to take control of an affected computer remotely.

In response, the ASF has…

What is the state of event instrumentation with osquery on Linux today? How is the Audit framework meeting Linux visibility needs, and what are the shortcomings of the approach? What is eBPF and how will it open new opportunities for osquery instrumentation on Linux?

This talk discusses the Audit approach to Linux events with osquery, including configuration and the capabilities exposed. eBPF is introduced along with the new bpf_process_events and bpf_socket_events tables. We conclude with thoughts about the future of eBPF and osquery on Linux.
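The Audit-backed process_events table and the eBPF-backed bpf_process_events table mentioned above do not share a schema: the Audit table reports the command line as one space-joined string, while the BPF table adds json_cmdline (an exact argv array), the cgroup id (cid) and a probe_error column that is set when the probe could not read everything. The following script, an added example that is not code from the talk or from the osquery project, normalizes osqueryd result-log lines from both tables into one record shape and runs a small detection over them (a web server account spawning a shell or download tool). The log lines are constructed to resemble osqueryd's default differential result log, not captured from a real host; the uid 33 / www-data mapping and the list of suspicious child binaries are assumptions for the demo.

```python
"""Normalize osqueryd result-log lines from the Audit-backed process_events
table and the eBPF-backed bpf_process_events table, then run a small
detection over the normalized events.

Added example; not from the talk or the osquery project. The sample log
below is constructed (not real host data) in the shape of osqueryd's
differential result log: one JSON object per line, each with "name",
"action" and a "columns" map of string values.
"""
import json
from typing import Dict, Iterable, List, Optional

AUDIT_TABLE = "process_events"       # Audit-backed table
BPF_TABLE = "bpf_process_events"     # eBPF-backed table

# uid 33 is www-data on Debian/Ubuntu; adjust for your web server account (assumption).
WEB_SERVER_UIDS = {33}
# Children a web server account should not normally exec (assumption for the demo).
SUSPICIOUS_CHILDREN = {"/bin/sh", "/bin/bash", "/bin/dash", "/usr/bin/curl",
                       "/usr/bin/wget", "/usr/bin/python3", "/usr/bin/nc"}

# Constructed sample: one Audit event, two eBPF events (the second with a probe
# error and an empty command line), plus a truncated line as seen at log rotation.
SAMPLE_LOG = r"""
{"name": "pack/audit/process_events", "hostIdentifier": "web-01", "action": "added", "unixTime": 1646128800, "columns": {"pid": "4321", "parent": "1200", "path": "/bin/sh", "cmdline": "sh -c id", "auid": "4294967295", "uid": "33", "euid": "33", "syscall": "execve", "time": "1646128800"}}
{"name": "pack/bpf/bpf_process_events", "hostIdentifier": "web-01", "action": "added", "unixTime": 1646128801, "columns": {"tid": "5555", "pid": "5555", "parent": "1200", "uid": "33", "gid": "33", "cid": "1234", "exit_code": "0", "probe_error": "0", "syscall": "execve", "path": "/usr/bin/curl", "cmdline": "curl http://example.invalid/x", "json_cmdline": "[\"curl\",\"http://example.invalid/x\"]", "duration": "120", "time": "1646128801", "eid": "1"}}
{"name": "pack/bpf/bpf_process_events", "hostIdentifier": "web-01", "action": "added", "unixTime": 1646128802, "columns": {"tid": "5600", "pid": "5600", "parent": "1", "uid": "0", "gid": "0", "cid": "1", "exit_code": "0", "probe_error": "1", "syscall": "execve", "path": "/usr/bin/ls", "cmdline": "", "json_cmdline": "", "duration": "5", "time": "1646128802", "eid": "2"}}
{"name": "pack/bpf/bpf_process_events", "hostIdentifier": "web-01", "action": "added", "columns": {"pid": "1"
"""


def _to_int(value: Optional[str], default: int = -1) -> int:
    try:
        return int(value) if value not in (None, "") else default
    except ValueError:
        return default


def parse_result_log(text: str) -> List[Dict]:
    """Return the 'added' rows from a differential result log, skipping blank or broken lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated/partial line; nothing recoverable
        if obj.get("action") == "added" and isinstance(obj.get("columns"), dict):
            records.append(obj)
    return records


def normalize(record: Dict) -> Optional[Dict]:
    """Map a process_events or bpf_process_events row to one common event shape."""
    cols = record["columns"]
    table = record.get("name", "").rsplit("/", 1)[-1]
    if table == AUDIT_TABLE:
        source = "audit"
        # Audit's cmdline is space-joined, so argv boundaries are only approximate.
        argv = cols.get("cmdline", "").split()
        degraded = False
    elif table == BPF_TABLE:
        source = "bpf"
        argv: List[str] = []
        if cols.get("json_cmdline"):
            try:
                argv = json.loads(cols["json_cmdline"])  # exact argv from the probe
            except json.JSONDecodeError:
                argv = []
        if not argv:
            argv = cols.get("cmdline", "").split()
        degraded = cols.get("probe_error", "0") != "0"  # probe could not read all data
    else:
        return None
    return {
        "host": record.get("hostIdentifier", ""),
        "source": source,
        "pid": _to_int(cols.get("pid")),
        "parent": _to_int(cols.get("parent")),
        "uid": _to_int(cols.get("uid")),
        "path": cols.get("path", ""),
        "argv": argv,
        "time": _to_int(cols.get("time")),
        "degraded": degraded,
    }


def detect_web_user_exec(events: Iterable[Dict]) -> List[str]:
    """Flag execs by a web server uid of binaries from SUSPICIOUS_CHILDREN."""
    findings = []
    for e in events:
        if e["uid"] in WEB_SERVER_UIDS and e["path"] in SUSPICIOUS_CHILDREN:
            findings.append(f"{e['host']} [{e['source']}] uid={e['uid']} pid={e['pid']} "
                            f"parent={e['parent']} exec {e['path']} argv={e['argv']}")
    return findings


def analyze(log_text: str) -> Dict:
    """Parse, normalize and run the detection; also count degraded (probe_error) events."""
    events = [n for n in (normalize(r) for r in parse_result_log(log_text)) if n]
    return {
        "events": events,
        "findings": detect_web_user_exec(events),
        "degraded": sum(1 for e in events if e["degraded"]),
    }


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for f in result["findings"]:
        print("ALERT", f)
    print(f"{len(result['events'])} events, {result['degraded']} with probe errors")
```

Because the test log is embedded, the script runs offline; point `analyze` at the contents of osqueryd's results log to use it on real data. To feed it, the Audit tables need the audit flags (to my recollection `--disable_audit=false --audit_allow_config=true`, plus `--audit_allow_sockets=true` for socket_events) and the BPF tables need `--enable_bpf_events=true`; confirm the exact flag names for your osquery version with `osqueryd --help`, since they are stated here from memory, not from the talk.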

Presentation Video
Slide Deck

Zach Wasserman

Zach is cofounder and CTO of Fleet, where he works to unlock the full potential of osquery for enterprise and open-source customers.
