What is osctrl?
osctrl is a fast and efficient osquery management solution that implements osquery's remote API as a TLS endpoint. It offers a scalable and reliable service that helps enhance your incident response and detection capabilities by following a model where critical functions are split into different components.
What can I do with osctrl?
- Monitor all your systems running osquery,
- Distribute osquery configuration fast across all your enrolled nodes,
- Collect all the status and result logs, whether you want to store them or forward them to a different system (Splunk, ELK, Kafka, Graylog…),
- Run quasi-real-time on-demand queries on your selected enrolled nodes,
- Carve files or directories from your enrolled nodes.