deploying-osquery-for-endpoint-monitoring (Featured)

Deploys and configures osquery for real-time endpoint monitoring using SQL-based queries to inspect running processes, open ports, installed software, and system configuration. Use when building visibility into endpoint state, threat hunting across a fleet, or implementing compliance monitoring. Activates for requests involving osquery deployment, endpoint visibility, fleet management, or SQL-based endpoint querying.

Category: DevOps & Infrastructure | 13,115 stars | 1,533 forks | Updated today | License: Apache-2.0


Quality Score: 99/100

| Component | Weight | Score |
|---|---|---|
| Stars | 20% | 100 |
| Recency | 20% | 100 |
| Frontmatter | 20% | 70 |
| Documentation | 15% | 100 |
| Issue Health | 10% | 50 |
| License | 10% | 100 |
| Description | 5% | 100 |

Skill Content

# Deploying Osquery for Endpoint Monitoring

## When to Use

Use this skill when:

- Deploying osquery across Windows, macOS, and Linux endpoints for fleet-wide visibility
- Building threat hunting queries using osquery's SQL interface
- Monitoring endpoint compliance (installed software, open ports, running services)
- Integrating osquery data with a SIEM or Kolide/Fleet for centralized management

**Do not use** for real-time alerting: osquery runs queries on a schedule or on demand, so use an EDR when real-time detection is required.

## Prerequisites

- Osquery package for the target OS (https://osquery.io/downloads)
- Fleet management server (Kolide Fleet or FleetDM) for enterprise deployment
- TLS certificates for secure agent-to-server communication
- Log aggregation pipeline (Filebeat, Fluentd) for osquery result logs

## Workflow

### Step 1: Install Osquery

```bash
# Ubuntu/Debian
export OSQUERY_KEY=1484120AC4E9F8A1A577AEEE97A80C63C9D8B80B
# Note: apt-key is deprecated on Debian 11+ / Ubuntu 22.04+; on those releases
# store the key under /etc/apt/keyrings and reference it with a signed-by option instead.
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys $OSQUERY_KEY
add-apt-repository 'deb [arch=amd64] https://pkg.osquery.io/deb deb main'
apt-get update && apt-get install osquery -y

# Windows (MSI)
# Download from https://osquery.io/downloads/official
msiexec /i osquery-5.12.1.msi /quiet

# macOS
brew install osquery
```

### Step 2: Configure Osquery

Config file location: `/etc/osquery/osquery.conf` on Linux/macOS, or `C:\ProgramData\osquery\osquery.conf` on Windows. (The path is given here in prose rather than as a `//` comment inside the file, since comments are not valid JSON.)

```json
{
  "options": {
    "config_plugin": "filesystem",
    "logger_plugin": "filesystem",
    "logger_path": "/var/log/osquery",
    ...
```

(The skill content preview ends here.)

Details

- Author: mukul975
- Repository: mukul975/Anthropic-Cybersecurity-Skills
- Created: 3 months ago
- Last Updated: today
- Language: Python
- License: Apache-2.0

Similar Skills

Semantically similar based on skill content, not just the same category.

API & Backend | Solid

forensics-osquery

SQL-powered forensic investigation and system interrogation using osquery to query operating systems as relational databases. Enables rapid evidence collection, threat hunting, and incident response across Linux, macOS, and Windows endpoints. Use when: (1) Investigating security incidents and collecting forensic artifacts, (2) Threat hunting across endpoints for suspicious activity, (3) Analyzing running processes, network connections, and persistence mechanisms, (4) Collecting system state during incident response, (5) Querying file hashes, user activity, and system configuration for compromise indicators, (6) Building detection queries for continuous monitoring with osqueryd.

335 stars | Updated today | aiskillstore

DevOps & Infrastructure | Listed

openstack-monitoring

OpenStack monitoring operations skill for deploying, configuring, and operating the cloud health monitoring stack. Covers Prometheus metric collection and scrape targets, Grafana dashboard provisioning and visualization, Alertmanager notification channels and routing, alerting rules for service health and resource exhaustion, service endpoint health checks, log aggregation strategies, SLA tracking with availability and response time percentiles, and capacity trend analysis from historical metrics. Use when deploying monitoring via Kolla-Ansible, configuring alert thresholds, troubleshooting blank dashboards, tuning noisy alerts, or analyzing cloud performance trends.

62 stars | Updated today | Tibsfox

AI & Automation | Featured

configuring-host-based-intrusion-detection

Configures host-based intrusion detection systems (HIDS) to monitor endpoint file integrity, system calls, and configuration changes for security violations. Use when deploying OSSEC, Wazuh, or AIDE for endpoint monitoring, building file integrity monitoring (FIM) policies, or meeting compliance requirements for change detection. Activates for requests involving HIDS configuration, file integrity monitoring, OSSEC/Wazuh deployment, or host-based detection.

13,115 stars | Updated today | mukul975

DevOps & Infrastructure | Featured

configuring-suricata-for-network-monitoring

Deploys and configures Suricata IDS/IPS with Emerging Threats rulesets, EVE JSON logging, and custom rules for real-time network traffic inspection, threat detection, and integration with SIEM platforms for centralized security monitoring.

13,115 stars | Updated today | mukul975

DevOps & Infrastructure | Featured

oraclecloud-observability

Set up programmatic monitoring, logging, and alarms for OCI resources. Use when configuring OCI Monitoring metrics, creating alarm rules, publishing custom metrics, or searching logs via the Logging service. Trigger with "oraclecloud observability", "oci monitoring", "oci alarms", "oci logging", "oracle cloud observability".

2,274 stars | Updated today | jeremylongshore