OSquery, an open-source framework created by Facebook that allows organizations to look for potential malware or malicious activity on their networks, was available for Mac OS X and Linux environments until today.
Two years after introducing the open-source network monitoring tool for Linux and OS X users, Facebook finally released the ‘osquery’ developer kit for Windows users on Tuesday. This gives cybersecurity teams the ability to build free, customized osquery solutions to monitor and diagnose their Windows network infrastructure.
But now the social network has announced that the company has developed a Windows version of its osquery tool, too.
When Facebook engineers want to monitor thousands of Apple Mac laptops across their organization, they use their own unconventional security tool called OSquery.
To add to your knowledge and ours, Facebook first introduced the SQL-powered open-source tool in 2014. The ‘osquery’ tool was initially released with support for Ubuntu, CentOS, and Mac OS X, and there has been immense demand from developers to port the tool to Windows as well.
OSquery is a smart piece of cross-platform software that scans every single computer on an infrastructure and catalogs every aspect of it.
Then SQL-based queries allow developers and security teams to monitor low-level functions in real-time and quickly search for malicious behavior and vulnerable applications on their infrastructure.
In simple words, OSquery allows an organization to treat its infrastructure as a database, turning OS information into a format that can be queried using SQL-like statements.
This functionality is critical for administrators to perform incident response, diagnose systems and network level problems, help to troubleshoot performance issues, and more.
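As an added illustration of the “infrastructure as a database” idea (these queries are written for this page and are not from the article, Facebook’s blog post or the osquery project), the statements below use osquery’s standard tables as I understand its schema: `processes` and `listening_ports` exist on every platform, while `services` and `programs` are Windows-only; column names should be checked against the schema of the installed osquery version.

```sql
-- Processes holding a listening socket whose executable is no longer on
-- disk (on_disk = 0). Useful for incident response: a running binary that
-- was deleted after launch deserves a closer look.
SELECT p.pid, p.name, p.path, p.cmdline, l.port, l.protocol, l.address
FROM processes AS p
JOIN listening_ports AS l ON p.pid = l.pid
WHERE p.on_disk = 0
  AND l.address NOT IN ('127.0.0.1', '::1');

-- Windows services set to start automatically from a path outside the
-- usual system and program directories. This is a heuristic, not a
-- verdict: legitimate software does install elsewhere, so review the hits.
SELECT name, display_name, path, start_type, user_account
FROM services
WHERE start_type = 'AUTO_START'
  AND path NOT LIKE '%\Windows\%'
  AND path NOT LIKE '%\Program Files%';

-- Software inventory for vulnerability management: installed programs,
-- publisher and version, which can be compared against advisories.
SELECT name, version, publisher, install_date
FROM programs
ORDER BY publisher, name;
```

Each statement can be run interactively with `osqueryi` or scheduled in an `osqueryd` query pack so results are logged and diffed over time.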
This open-source endpoint security tool has become one of the most popular security projects on GitHub since its release in mid-2014, and it was available for Linux distributions such as Ubuntu or CentOS, and for Mac OS X machines.
So, if your organization was running a Windows environment, you were out of luck.
But not any more: with the help of Trail of Bits, Facebook has finally launched the OSquery developer kit for Windows, allowing security teams to build customized solutions for their Windows networks.
“As adoption for osquery grew, a strong and active community emerged in support of a more open approach to security,” reads the earlier version of Facebook’s blog post provided to The Hacker News.
“We saw the long-held misconception of ‘security by obscurity’ fall away as people started sharing tooling and experiences with other members of the community. Our initial release of osquery was supported for Linux and OS X, but the community was also excited for a Windows version — so we set out to build it.”
To get started with the OSquery developer kit for Windows, see the official documentation, which covers the development environment and a single setup script. The build is easy to install, and you can start coding right away.
You can read the full documentation of the development process of the OSquery developer kit for Windows on the blog post by Trail of Bits.