A glossary of osquery related terms
October 21, 2021
In my research of osquery (still ongoing, by the way), there were certain terms that just kept popping up.
Some of these terms I had barely heard of, and others I knew but not that well. So I decided to just document them; call it a glossary of osquery-related terms if you will. Let's check them out...
Endpoints
These are devices such as laptops, phones, tablets, servers and Internet-of-Things devices that are connected to a particular computer network.
Endpoint monitoring
This refers to tracking activity and risks across all endpoints.
File integrity
This is the process of protecting a file from unauthorized changes. Simply put, you validate a file's integrity to determine whether or not it has been altered after its creation, archiving or some other event.
File integrity monitoring (FIM)
FIM is a technology that monitors and detects changes to files, or any suspicious file activity that may lead to a future cyber attack.
Fleet
Not to be confused with FleetDM, a fleet simply means a collection of endpoints.
Incident Detection and Response
Also known as attack/threat detection and response, this is the process of finding intruders in your infrastructure, retracing their activity, containing the threat and removing their foothold.
osqueryi
The interactive osquery shell, for performing ad-hoc queries.
osqueryd
A daemon for scheduling and running queries in the background.
osqueryctl
A helper script for testing a deployment or configuration of osquery.
RocksDB
A highly write-optimized, embedded key-value database that is compiled into the osquery binary and used by osquery for storage.
Watchdog
In osquery speak, the watchdog is a performance guard for query processing. It keeps the currently executing worker processes in check and kills them if they exceed the defined performance thresholds (memory, CPU utilization or latency). It can also blacklist the worst-performing or problem-causing queries so they are not scheduled again.
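To tie several of these terms together, here is an osqueryd configuration for a Linux host (an added example, not from the original post): the file_paths categories tell the file-events publisher which directories to watch, the scheduled file_events query that osqueryd runs every 300 seconds reports the FIM changes, and the watchdog options cap the worker's memory and CPU so a runaway query is killed rather than starving the endpoint. The category names, paths and threshold values are illustrative choices; the two events flags are assumed to be required because the Linux inotify publisher is off by default.

```json
{
  "options": {
    "disable_events": false,
    "enable_file_events": true,
    "watchdog_level": 0,
    "watchdog_memory_limit": 200,
    "watchdog_utilization_limit": 30,
    "watchdog_delay": 60
  },
  "schedule": {
    "fim_changes": {
      "query": "SELECT target_path, category, action, time, sha256 FROM file_events;",
      "interval": 300,
      "removed": false
    }
  },
  "file_paths": {
    "system_config": ["/etc/%%"],
    "ssh_keys": ["/root/.ssh/%%", "/home/%/.ssh/%%"]
  },
  "exclude_paths": {
    "system_config": ["/etc/mtab"]
  }
}
```

Point osqueryd at the file with --config_path, and run osqueryctl config-check first to catch syntax or option errors before the daemon picks it up.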
This is by no means an exhaustive list of terms, but so far in my research these stood out, as they were mostly new to me. Know of more osquery-related terms? Tweet at me.