Deploys osquery scheduled queries for endpoint monitoring of processes, network connections, file integrity, and persistence mechanisms. Generates osquery.conf, configures logging, analyzes results for suspicious processes, unauthorized ports, and file changes.
npx claudepluginhub killvxk/cybersecurity-skills-zh
1. Install dependencies: `pip install requests` (osquery itself must be installed on the endpoint)
Deploys and configures osquery for SQL-based endpoint monitoring of processes, open ports, installed software, and system configs on Windows, macOS, Linux. For fleet visibility, threat hunting, and compliance.
Deploys and configures osquery across Linux, Windows, macOS for SQL-based endpoint monitoring of processes, ports, software, and config. For threat hunting, fleet visibility, compliance checks.
Deploys and configures osquery across Linux, Windows, macOS for SQL-based endpoint monitoring of processes, ports, software, and system config. For threat hunting, fleet visibility, compliance.
Run the analyzer over the collected result logs:
python scripts/agent.py --results-dir /var/log/osquery/results/ --output osquery_report.json
osquery.conf:
{
  "schedule": {
    "process_snapshot": {
      "query": "SELECT pid, name, path, cmdline, uid FROM processes WHERE on_disk = 0;",
      "interval": 300
    }
  }
}
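The skill's scripts/agent.py is not shown on this page. As an added example of the analysis step it describes (flagging processes whose binary is no longer on disk, listening ports outside an allowlist, and file changes), here is a self-contained analyzer that reads osquery's documented result log formats: differential lines (one JSON object per line with "name", "action" and "columns") and snapshot lines ("action": "snapshot" with a "snapshot" list). The query names listening_ports and file_events, the port allowlist and the sample log lines are constructed for this example and are not from the skill.

```python
"""Example analyzer for osquery result logs (added example, not the skill's own scripts/agent.py)."""
import json
import sys
from collections import Counter
from typing import Dict, Iterable, Iterator, List, Tuple

# Constructed allowlist: ports this hypothetical fleet is expected to listen on.
EXPECTED_PORTS = {22, 443}

# Constructed sample lines in osquery's differential and snapshot result formats.
# The last line is deliberately malformed to show that one bad line does not abort the run.
SAMPLE_LOG = """\
{"name":"process_snapshot","hostIdentifier":"host-a","unixTime":1700000000,"action":"added","columns":{"pid":"4242","name":"kworker","path":"/tmp/.x/kworker","cmdline":"./kworker","uid":"1000","on_disk":"0"}}
{"name":"process_snapshot","hostIdentifier":"host-a","unixTime":1700000000,"action":"added","columns":{"pid":"1","name":"systemd","path":"/usr/lib/systemd/systemd","cmdline":"/sbin/init","uid":"0","on_disk":"1"}}
{"name":"process_snapshot","hostIdentifier":"host-a","unixTime":1700000300,"action":"removed","columns":{"pid":"4242","name":"kworker","path":"/tmp/.x/kworker","cmdline":"./kworker","uid":"1000","on_disk":"0"}}
{"name":"listening_ports","hostIdentifier":"host-a","unixTime":1700000000,"action":"snapshot","snapshot":[{"pid":"900","port":"22","protocol":"6","address":"0.0.0.0"},{"pid":"4242","port":"4444","protocol":"6","address":"0.0.0.0"}]}
{"name":"file_events","hostIdentifier":"host-a","unixTime":1700000120,"action":"added","columns":{"target_path":"/etc/cron.d/update","action":"CREATED","sha256":"<constructed>"}}
not json at all
"""

Row = Tuple[str, str, int, str, Dict[str, str]]


def iter_rows(lines: Iterable[str]) -> Iterator[Row]:
    """Yield (query_name, host, unix_time, action, columns) for every result row.

    Differential lines carry a single row in "columns"; snapshot lines carry a
    list of rows in "snapshot". Malformed lines are skipped, not fatal.
    """
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue
        name = rec.get("name", "")
        host = rec.get("hostIdentifier", "")
        ts = int(rec.get("unixTime", 0))
        if rec.get("action") == "snapshot":
            for cols in rec.get("snapshot", []):
                yield name, host, ts, "snapshot", cols
        elif "columns" in rec:
            yield name, host, ts, rec.get("action", ""), rec["columns"]


def analyze(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Turn result rows into findings. Only "added" rows are flagged for
    differential queries so a process that disappears is not counted twice."""
    findings: List[Dict[str, object]] = []
    for name, host, ts, action, cols in iter_rows(lines):
        if name == "process_snapshot" and action == "added":
            # osquery logs column values as strings unless --logger_numerics is set; handle both.
            if str(cols.get("on_disk")) == "0":
                findings.append({"kind": "process_not_on_disk", "host": host, "time": ts,
                                 "pid": cols.get("pid"), "path": cols.get("path"),
                                 "cmdline": cols.get("cmdline")})
        elif name == "listening_ports":
            port = int(cols.get("port", -1))
            if port not in EXPECTED_PORTS:
                findings.append({"kind": "unexpected_listening_port", "host": host, "time": ts,
                                 "pid": cols.get("pid"), "port": port,
                                 "address": cols.get("address")})
        elif name == "file_events" and action == "added":
            findings.append({"kind": "file_change", "host": host, "time": ts,
                             "path": cols.get("target_path"), "event": cols.get("action")})
    return findings


def summarize(findings: List[Dict[str, object]]) -> Counter:
    """Count findings per kind, which is what a fleet-wide report would roll up."""
    return Counter(str(f["kind"]) for f in findings)


def analyze_file(path: str) -> List[Dict[str, object]]:
    """Analyze one osqueryd results log file (e.g. osqueryd.results.log)."""
    with open(path, "r", encoding="utf-8") as fh:
        return analyze(fh)


if __name__ == "__main__":
    lines = open(sys.argv[1], encoding="utf-8") if len(sys.argv) > 1 else SAMPLE_LOG.splitlines()
    result = analyze(lines)
    print(json.dumps({"summary": summarize(result), "findings": result}, indent=2))
```

Run it with no arguments to analyze the constructed sample, or pass the path of a results log. Flagging only "added" differential rows keeps the finding count tied to new activity; the matching "removed" row still reaches iter_rows, so a timeline view can be built from the same iterator without re-parsing.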