It comes as no surprise when Facebook decides to start something new, with their latest quest taking the form of a new program, Osquery. This particular software is an open-source framework that allows different organizations to search for malware, as well as unusual activity on their servers. Originally, this software was only available for Mac OS X and Linux-based machines; recently, however, Facebook extended it to run on Windows.
With a blog post on Facebook announcing the release of Windows support modules for their new software, it would appear that this fascinating company never ceases to amaze their fans, and utilizing their own security tool in Osquery is just another notch.
Osquery is a very intelligent cross-platform program, capable of scanning, as well as cataloging, every computer system connected to their infrastructure.
The SQL queries allow the developers at Facebook to interact with the cyber security team, enabling proper monitoring of low-level functions and operations in real time. This allows them to scan their network and connected computers, searching for any signs of malicious activity, as well as any potential vulnerabilities within their large and constantly growing infrastructure.
To break this down into layman’s terms, this handy little software allows Facebook to use their entire infrastructure as a simple database, turning the operating system information into a special format that is easily queried using SQL-like functions.
The basic functionality of this software proves to be extremely critical for all types of network administrators, who need it to carry out incident response and diagnose their respective network-level problems. This software also assists in troubleshooting performance issues that may come with their server(s).
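An added example (not from Facebook's post or the osquery project): the "infrastructure as a database" idea, sketched with Python's `sqlite3` over constructed rows. Table and column names follow osquery's `processes` and `listening_ports` tables as an assumption; the rows and the helper names `build_snapshot`, `run` and `triage` are made up for illustration.

```python
import sqlite3

# Constructed sample rows standing in for live OS state. Column names are a
# subset of osquery's `processes` and `listening_ports` tables (assumption).
PROCESSES = [  # (pid, name, path, on_disk)
    (412, "sshd", "/usr/sbin/sshd", 1),
    (977, "nginx", "/usr/sbin/nginx", 1),
    (2044, "kworkerd", "/tmp/.x/kworkerd", 0),  # binary removed after launch
    (3101, "python3", "/usr/bin/python3", 1),
]
LISTENING_PORTS = [  # (pid, port, protocol, address)
    (412, 22, 6, "0.0.0.0"),
    (977, 443, 6, "0.0.0.0"),
    (2044, 4444, 6, "0.0.0.0"),
    (3101, 8000, 6, "127.0.0.1"),
]

def build_snapshot():
    """Load the constructed host state into an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE processes (pid INTEGER, name TEXT, path TEXT, on_disk INTEGER)")
    db.execute("CREATE TABLE listening_ports (pid INTEGER, port INTEGER, protocol INTEGER, address TEXT)")
    db.executemany("INSERT INTO processes VALUES (?, ?, ?, ?)", PROCESSES)
    db.executemany("INSERT INTO listening_ports VALUES (?, ?, ?, ?)", LISTENING_PORTS)
    return db

# Running processes whose executable is no longer present on disk.
MISSING_BINARY = "SELECT pid, name, path FROM processes WHERE on_disk = 0 ORDER BY pid"

# Which process owns each socket listening on all interfaces.
EXPOSED_LISTENERS = """
SELECT p.pid, p.name, l.port
FROM listening_ports AS l JOIN processes AS p ON l.pid = p.pid
WHERE l.address = '0.0.0.0'
ORDER BY l.port
"""

def run(db, sql):
    return db.execute(sql).fetchall()

def triage(db):
    """Exposed listeners whose owning process has no binary on disk."""
    missing = {pid for pid, _, _ in run(db, MISSING_BINARY)}
    return [row for row in run(db, EXPOSED_LISTENERS) if row[0] in missing]

if __name__ == "__main__":
    snapshot = build_snapshot()
    print("missing binary:", run(snapshot, MISSING_BINARY))
    print("exposed listeners:", run(snapshot, EXPOSED_LISTENERS))
    print("triage:", triage(snapshot))
```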
Since the initial launch back in the mid-months of 2014, the project has gained extreme popularity. This open-source endpoint security program can be found on the large project-hosting site, GitHub. Back in 2014, Osquery was only available to those who use Apple operating systems and/or Linux-based systems, such as Ubuntu or CentOS. Up until recently, if your organization was using Windows-based machines, you were basically out of luck.
However, thanks to the assistance of Trail of Bits, Facebook is finally launching the Osquery developer kit for the Windows platform. This allows security teams to develop their own set of customized solutions based upon their respective company’s needs and desires.
The early version of Facebook’s blog, which was posted to The Hacker News, states, “as adoption for Osquery grew, a strong and active community emerged in support of a more open approach to security.” The post continued, saying “we saw the long-held misconception of ‘security by obscurity’ fall away as people started sharing tooling and experiences with other members of the community. Our initial release of Osquery was supported for Linux and OS X, but the community was also excited for a Windows version – so we set out to build it.”
If you would like to get started with the development of an Osquery developer kit for Windows, here’s Facebook’s official documentation for Windows.
Sources: Facebook (Osquery Windows), GitHub (Osquery), Trail of Bits, Facebook (Documentation for Windows), The Hacker News.