This repository is used to hold Jupyter Notebooks that are used to work with Osquery table DATA.
This work is based on my prior work on Osquery Tables:
This repository is divided as follows:
- Generate Osquery Data
- Merge Osquery Data
- Create Graph Osquery Graphistry
- REQ
- Requirements folder
This repository is based on Untangling the Osquery❓ tables 🕸 using Data📜 | Part 2 blog.
The graphs are based on Osquery data for Windows, Linux and MacOS.
To show the full potential of the graphs I created a dashboard that is hosted on Streamlit.
To set the graphistry account details to be able to create the graphs, copy .env_template and rename to .env and set your secrets there.
From my prior work on OSQuery-Tables this repository handles following points:
- Check the data returned from the tables when querying and use that data to further fine-tune the filtering.
- Make it possible to use other column names to create graphs with, maybe based on same returned data from a query.