
Turn on the lights

Mike McNeil
February 04, 2021

Learn how to tap into what your employer sees using Postman + osquery, an open source API for asking questions about devices like laptops, servers, and Docker containers.

> Note from Mike:
> To try out the "Is it any good?" demo for yourself, head over to:
> https://fleetdm.com

Transcript

  1. What can your employer see?
     • Nothing to hide
     • Vulnerable packages, exfiltrated Google docs
     • Installed apps, running processes
     • Screen lock status, hours spent online
     • Files on your desktop? 🤷
     • Browser history? 🤷
     • Every keystroke? 🤷
  2. Keyloggers c. 2001
     • Run an .exe to generate an agent.
     • Trick someone into installing the agent on their device.
     • Every 30m, receive an email with everything they've typed.
     • Everything.
  3. Device management agents c. 2021
     • Run software to generate agents.
     • Install the agents on all your servers and employee devices.
     • Every 30m, IT/Sec receives an email with everything you've typed..?
     • What are these agents doing?
     • How do we know?
     • Aren't we supposed to be pursuing "Zero Trust"?
  4. osquery (cont.) Key innovation: SQL
     • 50 years of maturity
     • SQLite (query planner + SQL parser)
     • Virtual tables that describe devices
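The queries below are an added example, not part of the deck or of Fleet's own query library. They show what slide 4's "virtual tables that describe devices" look like in practice: each of the slide 1 questions becomes a SELECT against an osquery table, and the agent's own `osquery_schedule` table answers slide 3's "what are these agents doing?" from the device side. Table and column names are from the published osquery schema as I know it; `processes`, `listening_ports`, `file` and `osquery_schedule` are cross-platform, `apps` and `screenlock` are macOS-only, and `deb_packages` applies to Debian-based Linux, so run each query on a matching host (for example in `osqueryi`).

```sql
-- Installed apps (macOS). Name + version is the raw input that a
-- vulnerability-management feature matches against advisories.
SELECT name, bundle_short_version AS version, path
FROM apps
ORDER BY name;

-- The Linux equivalent: installed packages from the dpkg database.
SELECT name, version
FROM deb_packages
ORDER BY name;

-- Running processes, joined to the ports they are listening on.
-- A plain SQL JOIN across two virtual tables; no agent-specific API needed.
SELECT p.pid, p.name, p.path, lp.address, lp.port, lp.protocol
FROM processes p
JOIN listening_ports lp ON lp.pid = p.pid
WHERE lp.port != 0
ORDER BY lp.port;

-- Screen lock status (macOS): is the lock enabled, and after how many seconds?
SELECT enabled, grace_period
FROM screenlock;

-- "Files on your desktop?" The file table returns metadata (path, size,
-- timestamps), never file contents, and it requires a path or directory
-- constraint so the agent cannot be asked to walk the whole disk.
SELECT path, size, datetime(mtime, 'unixepoch') AS modified
FROM file
WHERE directory LIKE '/Users/%/Desktop'
ORDER BY mtime DESC;

-- Transparency check for slide 3: every scheduled query the agent runs,
-- how often, how many times it has executed, and what it costs the host.
SELECT name, query, interval, executions,
       datetime(last_executed, 'unixepoch') AS last_run,
       average_memory
FROM osquery_schedule
ORDER BY average_memory DESC;
```

Two things worth noticing. There is no table for keystrokes or browser history in the schema, so the "every keystroke?" question from slide 1 is answered by what the virtual tables can and cannot expose, not by trusting the vendor. And because `osquery_schedule` is itself queryable, the people whose devices are enrolled can inspect exactly which questions are being asked of their machine and how often.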
  5. "I use Fleet to manage thousands of hosts, develop better queries, and get the most out of osquery logs."
     - Brendan Shaklovitz
  6. Roadmap H1 2021
     • Teams (RBAC)
     • Auto-updates
     • Vulnerability management
     • Baseline queries available out of the box
     • Shareable compliance reporting & goal tracking
     • Query performance monitoring
  7. Roadmap (cont.) H1 2021
     • More flexible config (startup flags, etc.)
     • Search
     • Deep links
     • Activity feed
     • Easier, faster deployments
  8. Roadmap (cont.) H1 2021
     • Fleet Device API (Chromebooks, etc.)
     • Standard library (Fleet's recommended queries)
     • Tickets (ServiceNow GRC, JIRA)
     • gRPC
  9. Roadmap (cont.) H2 2021
     • Custom osquery extension deployment ("R"»»"EDR")
     • Fleet Desktop (turn on self-remediation, scope & audit transparency)