Hacker News | mephux's comments

You just add it to the repo itself. Really not a lot of work. You're a dev... automate it.


Indeed! What's also great about osquery is the security-related tables available, i.e. process_memory_map, crontab, passwd_changes, shell_history, etc. A lot of the stuff osquery gets is right from the kernel (system calls etc.)


1. Security is a huge one. One of the saved queries is checking for processes running that don't have the original binary still on disk, etc. Being able to query stuff like that on demand is powerful. It also has a lot of ops-related wins.

2. Well, agree, but when you're solo and doing it for fun.. getting it working is half the battle. I know my expectations for the app now and that makes it much easier to write meaningful tests. I must have redone the node/server setup 3 times.. writing tests for a failed implementation just sounds like a poor use of time. Also, the project is 0.1.1.. that's super beta, man.. give it time.


Yea, I looked at them. EnvDB has plans to extend past just using osquery. Work could be done to connect deeper or use libosquery directly. I chose to wrap it and plan to build a plugin system for wrapping other processes. It would make wrapping other stuff to conform to a SQL question/answer model easier and faster to implement, imho. (Either way.. whatever they add won't break envdb ;) hehe)


As an American that lived in Russia most of my life: it's not total BS, but some of the points you mentioned contribute.

1. No one will help you - true. My group of friends would always be targeted by skinheads, and when we had to fight no one would ever help us. Not even the police.

2. People make eye contact a lot, it's a respect and dominance thing. Walking down the streets of Moscow with your head down is a good way to end up dead (seriously, be aware. My sister was picked up physically once and shoved into the trunk of a car - fast action saved her life).

3. Not all Russians are miserable, but I agree on the cynical part. They don't trust anyone. (Would you, if you were lied to for that long?)

4. "people are assholes to each other in public" - it's not so much about being assholes - people just have shit to do. I can't count how many times I was pushed by a sweet old babushka in the metro. They just assume you have no respect, but they also realize you get nowhere by being passive.

Anyway, Russia is a very amazing place and it can be scary. Moscow is very racist and the youth is a big problem (violence).

Would I live there again? In a heartbeat. Never felt more alive.


True, we need a better way to control it. The wrong companies are becoming authorities for the wrong reasons. We at least need more transparency on the verification process. I would also like to see a public list of cert requests that failed the approval process. It could be interesting data for incident responders.


DANE is an interesting concept for sure. Not 100% viable in the short term, but going forward we need to start thinking of a better solution. It would still be cert based and just add a layer of complexity. The cert model works; it's just controlled by the wrong people and lacks regulation.


Pretty good idea.


Really, really good idea. Now browser makers (looking @ you, Google and Mozilla) need to make self-signed certs feasible by removing the scary warnings.


Good call - we will get some documentation added ASAP. We are all security experts and user data has been a huge focus for us since day one. We currently spin up a private collection server per user and use SSL certs tied to each box for secure communications. During the beta process, before we open to the public, we plan to go through a couple of rounds of red team engagements (i.e., let people hack on it to attempt to gain illegal access).


Did you guys build out your own HW/DC or are you just reselling someone else's stuff?


Reselling ATM (we put this together fairly quickly). We designed our backend architecture to be fairly agnostic though in case we want to switch providers or deploy it in house.


More detailed information can be found on the Snorby blog - http://blog.snorby.org/

