I have been spending a lot of time over the last few weeks looking at osquery to get a better understanding of what it can do, since it seems every major security tool from Sophos to Cisco to Carbon Black is building it into their product.
I have also been looking at Jupyter notebooks for machine learning and data science work recently, and decided to build a notebook to help explain and show the power of osquery on macOS.
This notebook is here and is a WIP that I hope to expand over the next few weeks. Right now it runs 12 queries and displays each result in a data frame.
Here is an example displaying the logged-in users (the `logged_in_users` table):
Here is the OS version (the `os_version` table):
Quick Notes
- This is built for macOS
- I will try to build for Windows, RHEL, and Ubuntu soon.
- You can run any query found in `commands = []` directly on the command line (`osqueryi --json "<query>"`) and get JSON back.
- If you have any questions please reach out to me on Twitter @jgamblin.
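The notebook runs each query through osquery and loads the result into a data frame; the same round trip can be done from plain Python. The following is an added example (not the notebook's own code) that shells out to the `osqueryi` binary with `--json`, parses the returned JSON array into rows, and renders them as a text table. It assumes `osqueryi` from the osquery project is on `PATH`; the embedded `SAMPLE_LOGGED_IN_USERS` string is a constructed stand-in for real `logged_in_users` output so the parsing and display code can be exercised on a machine without osquery installed.

```python
"""Run osquery SQL from Python and load the JSON result as rows.

Added example, not the notebook's own code. Assumes the `osqueryi`
binary from the osquery project is on PATH; when it is not, the
run_osquery() helper raises so the caller can fall back to a sample.
"""
import json
import shutil
import subprocess

# Constructed sample shaped like `osqueryi --json "SELECT * FROM logged_in_users;"`
# output (not captured from a real host). osqueryi emits every column as a string.
SAMPLE_LOGGED_IN_USERS = """[
  {"host":"","pid":"401","time":"1526932200","tty":"console","type":"user","user":"jgamblin"},
  {"host":"","pid":"1702","time":"1526934900","tty":"ttys000","type":"user","user":"jgamblin"}
]"""


def parse_osquery_json(text, int_columns=("pid", "time")):
    """Parse `osqueryi --json` output into a list of dict rows.

    osqueryi returns all values as strings, so the columns named in
    int_columns are converted to int when they are purely numeric. This
    keeps sorting and filtering in a DataFrame sane (e.g. by pid or time).
    """
    rows = json.loads(text)
    if not isinstance(rows, list):
        raise ValueError("expected a JSON array of rows from osqueryi")
    for row in rows:
        for key in int_columns:
            value = row.get(key)
            if isinstance(value, str) and value.isdigit():
                row[key] = int(value)
    return rows


def run_osquery(sql, timeout=30):
    """Run one SQL statement through `osqueryi --json` and return parsed rows.

    Raises FileNotFoundError if osqueryi is not installed and RuntimeError
    if the query produced no JSON (osqueryi reports a bad table name or
    SQL syntax error on stderr, leaving stdout empty).
    """
    binary = shutil.which("osqueryi")
    if binary is None:
        raise FileNotFoundError("osqueryi not found on PATH")
    proc = subprocess.run(
        [binary, "--json", sql],
        capture_output=True, text=True, timeout=timeout, check=False,
    )
    if proc.returncode != 0 or not proc.stdout.strip():
        raise RuntimeError(proc.stderr.strip() or "osqueryi returned no output")
    return parse_osquery_json(proc.stdout)


def format_table(rows, columns):
    """Render selected columns of the rows as a fixed-width text table.

    Useful outside Jupyter, where there is no DataFrame renderer.
    Missing columns render as empty cells rather than raising.
    """
    widths = {
        c: max([len(c)] + [len(str(r.get(c, ""))) for r in rows]) for c in columns
    }
    header = "  ".join(c.ljust(widths[c]) for c in columns)
    lines = [header, "  ".join("-" * widths[c] for c in columns)]
    for r in rows:
        lines.append("  ".join(str(r.get(c, "")).ljust(widths[c]) for c in columns))
    return "\n".join(lines)


def to_dataframe(rows):
    """Load rows into a pandas DataFrame, as the notebook does (pandas is
    imported lazily so the rest of this module runs without it)."""
    import pandas as pd
    return pd.DataFrame(rows)


if __name__ == "__main__":
    try:
        rows = run_osquery("SELECT user, tty, pid, time FROM logged_in_users;")
        source = "live osqueryi"
    except (FileNotFoundError, RuntimeError) as exc:
        rows = parse_osquery_json(SAMPLE_LOGGED_IN_USERS)
        source = "constructed sample (%s)" % exc
    print("logged_in_users from", source)
    print(format_table(rows, ["user", "tty", "pid", "time"]))
```

Any other query from the notebook's `commands` list (for example `SELECT * FROM os_version;`) can be passed to `run_osquery()` unchanged; only the column names handed to `format_table()` or the integer conversion list need adjusting per table.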