an open-source framework created by Facebook that allows organizations to look for potential malware or malicious activity on their networks, was available for Mac OS X and Linux environments until today.
But now the social network has announced that the company has developed a Windows version of its osquery tool, too.
When Facebook engineers want to monitor thousands of Apple Mac laptops across their organization, they use their own unconventional security tool called OSquery.
OSquery is a smart piece of cross-platform software that scans every single computer on an infrastructure and catalogs every aspect of it. SQL-based queries then allow developers and security teams to monitor low-level functions in real time and quickly search for malicious behavior and vulnerable applications across their infrastructure.
In simple words, OSquery allows an organization to treat its infrastructure as a database, turning OS information into a format that can be queried using SQL-like statements.
This functionality is critical for administrators performing incident response, diagnosing system- and network-level problems, troubleshooting performance issues, and more.
This open source endpoint security tool has become one of the most popular security projects on GitHub since its release in mid-2014, and was available for Linux distributions such as Ubuntu and CentOS, and for Mac OS X machines.
So, if your organization was running a Windows environment, you were out of luck.
Not anymore: with the help of Trail of Bits, Facebook has finally launched the OSquery developer kit for Windows, allowing security teams to build customized solutions for their Windows networks.
"As adoption for osquery grew, a strong and active community emerged in support of a more open approach to security," reads the earlier version of Facebook's blog post provided to The Hacker News.
"We saw the long-held misconception of 'security by obscurity' fall away as people started sharing tooling and experiences with other members of the community. Our initial release of osquery was supported for Linux and OS X, but the community was also excited for a Windows version — so we set out to build it."
To get started with the OSquery developer kit for Windows, check the official documentation, the development environment, and the single setup script. The build is easy to install, and you can start coding right away.
You can read the full documentation of the development process of the OSquery developer kit for Windows on the blog post by Trail of Bits.