osctrl: A fast and efficient osquery management solution

Javier Marcos
2 min read · Aug 26, 2019
https://www.osctrl.net

Introducing osctrl, a new solution to manage osquery clients as a TLS endpoint.

[Figure: osctrl admin page with the list of enrolled osquery nodes]

What is osctrl?

osctrl is a fast and efficient osquery management solution that implements osquery's remote API as a TLS endpoint. It offers a scalable and reliable service that helps enhance your incident response and detection capabilities, following a model where critical functions are split into separate components.

[Figure: osctrl components and their interactions]

What can I do with osctrl?

  • Monitor all your systems running osquery,
  • Distribute osquery configuration quickly across all your enrolled nodes,
  • Collect all the status and result logs, whether you want to store them or forward them to a different system (Splunk, ELK, Kafka, Graylog… ),
  • Run quasi-real-time on-demand queries on selected enrolled nodes,
  • Carve files or directories from your enrolled nodes.

[Figure: usage of osctrl-cli, the Command Line Interface component of osctrl]
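To make concrete what "implementing the osquery remote API as a TLS endpoint" means, here is an added, self-contained Go example that is not osctrl's own code: a minimal in-memory server handling the three core osquery TLS endpoints (`/enroll`, `/config`, `/log`). The JSON field names (`enroll_secret`, `host_identifier`, `node_key`, `node_invalid`, `log_type`, `data`) are osquery's documented wire format; the enrollment secret, the sample scheduled-query config and the certificate paths are constructed placeholders for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"encoding/json"
	"log"
	"net/http"
	"sync"
)

// Wire formats of the osquery TLS remote API (field names are osquery's own).
type enrollRequest struct {
	EnrollSecret   string `json:"enroll_secret"`
	HostIdentifier string `json:"host_identifier"`
}
type enrollResponse struct {
	NodeKey     string `json:"node_key,omitempty"`
	NodeInvalid bool   `json:"node_invalid"`
}
type nodeRequest struct {
	NodeKey string `json:"node_key"`
}
type logRequest struct {
	NodeKey string          `json:"node_key"`
	LogType string          `json:"log_type"` // "status" or "result"
	Data    json.RawMessage `json:"data"`
}

// Server is the minimal state of a TLS endpoint: one enrollment secret, the
// config pushed to every node, the node keys handed out, and collected logs.
type Server struct {
	secret string
	config json.RawMessage
	mu     sync.Mutex
	nodes  map[string]string // node_key -> host_identifier
	logs   []logRequest      // in practice these would be stored or forwarded
}

func NewServer(secret string, config json.RawMessage) *Server {
	return &Server{secret: secret, config: config, nodes: map[string]string{}}
}

// Enroll checks the shared secret in constant time and issues a random node_key.
// A wrong secret yields node_invalid so the agent never receives a key.
func (s *Server) Enroll(req enrollRequest) enrollResponse {
	if subtle.ConstantTimeCompare([]byte(req.EnrollSecret), []byte(s.secret)) != 1 {
		return enrollResponse{NodeInvalid: true}
	}
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		return enrollResponse{NodeInvalid: true}
	}
	key := hex.EncodeToString(buf)
	s.mu.Lock()
	s.nodes[key] = req.HostIdentifier
	s.mu.Unlock()
	return enrollResponse{NodeKey: key}
}

// known reports whether nodeKey was issued by Enroll.
func (s *Server) known(nodeKey string) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	_, ok := s.nodes[nodeKey]
	return ok
}

// Config returns the osquery configuration for a known node; unknown keys get
// node_invalid so the agent re-enrolls instead of running with no config.
func (s *Server) Config(nodeKey string) (json.RawMessage, bool) {
	if !s.known(nodeKey) {
		return json.RawMessage(`{"node_invalid":true}`), false
	}
	return s.config, true
}

// Log accepts a status/result batch from a known node and rejects the rest.
func (s *Server) Log(req logRequest) bool {
	if !s.known(req.NodeKey) {
		return false
	}
	s.mu.Lock()
	s.logs = append(s.logs, req)
	s.mu.Unlock()
	return true
}

// LogCount returns how many log batches have been collected so far.
func (s *Server) LogCount() int {
	s.mu.Lock()
	defer s.mu.Unlock()
	return len(s.logs)
}

func (s *Server) routes() *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/enroll", func(w http.ResponseWriter, r *http.Request) {
		var req enrollRequest
		if json.NewDecoder(r.Body).Decode(&req) != nil {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(s.Enroll(req))
	})
	mux.HandleFunc("/config", func(w http.ResponseWriter, r *http.Request) {
		var req nodeRequest
		json.NewDecoder(r.Body).Decode(&req)
		cfg, _ := s.Config(req.NodeKey)
		w.Header().Set("Content-Type", "application/json")
		w.Write(cfg)
	})
	mux.HandleFunc("/log", func(w http.ResponseWriter, r *http.Request) {
		var req logRequest
		json.NewDecoder(r.Body).Decode(&req)
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(map[string]bool{"node_invalid": !s.Log(req)})
	})
	return mux
}

func main() {
	// Constructed sample config: one scheduled query every 60 seconds.
	cfg := json.RawMessage(`{"schedule":{"procs":{"query":"SELECT pid, name, path FROM processes;","interval":60}}}`)
	s := NewServer("replace-me-enroll-secret", cfg) // placeholder secret
	// osquery only talks to --tls_hostname over HTTPS; cert/key paths are placeholders.
	log.Fatal(http.ListenAndServeTLS(":8443", "server.crt", "server.key", s.routes()))
}
```

Two details matter for the detection use case the post describes: every endpoint after enrollment is gated on a server-issued `node_key`, so a host that never presented the enrollment secret cannot inject fake result logs or pull the query schedule, and the secret comparison is constant-time so response timing leaks nothing about it. Distributed (on-demand) queries and file carving follow the same pattern with additional endpoints, which this example omits.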

Any questions?

If you have any questions about osctrl, feel free to create an issue on GitHub or reach out to me directly on Twitter (@javutin).

Also, there is the #osctrl channel in the osquery official Slack.
