In my research of osquery (still ongoing, by the way), there were certain terms that just kept popping up. Some of these terms I had barely heard of and others I knew but not that well. So I decided to just document them, call it a glossary of osquery related terms if you will.

### Endpoints

These are devices such as laptops, phones, tablets, servers and Internet-of-Things devices that are connected to a particular computer network.

### Endpoint monitoring

This refers to tracking activity and risks across all endpoints.

### File integrity

This is the process of protecting a file from unauthorized changes.

### File integrity monitoring (FIM)

FIM is a technology that helps to monitor and detect changes in files, or any suspicious activity which may lead to a future cyber attack. Simply put, you validate a file's integrity to determine whether or not it has been altered after its creation, archiving or other events.

### Fleet

Not to be confused with FleetDM, fleet simply means a collection of endpoints.

### Incident Detection and Response

Also known as attack/threat detection and response, it is the process of finding intruders in your infrastructure, retracing their activity, containing the threat and removing their foothold.

### osqueryi

The interactive osquery shell, for performing ad-hoc queries.

### osqueryd

A daemon for scheduling and running queries in the background.

### osqueryctl

A helper script for testing a deployment or configuration of osquery.

### RocksDB

A highly write-optimized, embedded key-value database that is compiled into the osquery binary and used by osquery for storage.

### osquery watchdog

![osquery watchdog](https://blog.spoock.com/2018/12/29/osquery-under-the-hood/4.png)

![osquery watchdog](https://www.uptycs.com/hs-fs/hubfs/FIG%201.png)

![osquery watchdog](https://dactiv.llc/images/osquery-perf-at-scale.png)