osctrl: A fast and efficient osquery management solution

https://www.osctrl.net

Introducing osctrl, a new solution to manage osquery clients as a TLS endpoint.

What is osctrl?

osctrl is a fast and efficient osquery management solution that implements the osquery remote API as a TLS endpoint. It offers a scalable and reliable service that helps enhance your incident response and detection capabilities by following a model where critical functions are split into different components.

What can I do with osctrl?

  • Monitor all your systems running osquery,
  • Distribute osquery configuration fast across all your enrolled nodes,
  • Collect all the status and result logs, whether you want to store them or forward them to a different system (Splunk, ELK, Kafka, Graylog…),
  • Run quasi-real-time on-demand queries on your selected enrolled nodes,
  • Carve files or directories from your enrolled nodes.

[Image: usage of osctrl-cli, the Command Line Interface component of osctrl]

Any questions?

If you have any questions about osctrl, feel free to create an issue on GitHub or reach out to me directly on Twitter (@javutin).

There is also the #osctrl channel in the official osquery Slack.

Written by

JMP Security
