Facebook has announced the availability of its SQL-backed detection tool for the Windows platform. The open source technology, dubbed osquery, was initially designed for Linux and OS X to give real-time insight into corporate infrastructure.
By exposing the operating system as a relational database, the SQL-based framework helps users detect malicious activity on their networks. It presents abstract concepts such as loaded kernel modules, open network connections, browser plugins and hardware events as SQL tables. That visibility lets analysts identify and investigate anomalies quickly.
“This port of osquery to Windows gives you the ability to unify endpoint defense and participate in an active open source community ready to share experiences and stories,” said Nick Anderson, security engineer at Facebook, in a note.
Anderson recounted an instance that shows the effectiveness of osquery. He stated that the tool helped Facebook’s security team fetch data about all browser extensions running on its network, then compare that information against threat intelligence data to detect malicious extensions and remove them in short order.
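The workflow Anderson describes, as an added illustration that is not code from Facebook or the osquery project: one osquery statement inventories browser extensions on an endpoint, and a small script matches the returned rows against a threat-intelligence list. The `chrome_extensions` table and the `osqueryi --json` invocation are real osquery features; the sample output rows, the extension identifiers and the intel feed are constructed placeholders, not real indicators.

```python
"""Match an osquery browser-extension inventory against a threat-intel list."""
import json
import subprocess
from typing import Dict, List

# osquery SQL sent to each endpoint. chrome_extensions is a real osquery
# table and these columns exist in it.
EXTENSION_QUERY = (
    "SELECT uid, name, identifier, version, path "
    "FROM chrome_extensions;"
)

# Constructed sample of what `osqueryi --json` returns for that query.
# Names, identifiers and paths are made-up placeholders.
SAMPLE_OSQUERY_OUTPUT = json.dumps([
    {"uid": "1001", "name": "Example Notes",
     "identifier": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "version": "1.2.0",
     "path": "/home/alice/.config/google-chrome/Default/Extensions/aaaa"},
    {"uid": "1001", "name": "Example Coupons",
     "identifier": "cccccccccccccccccccccccccccccccc", "version": "0.9.1",
     "path": "/home/alice/.config/google-chrome/Default/Extensions/cccc"},
    {"uid": "1002", "name": "Example Coupons",
     "identifier": "CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC", "version": "0.9.1",
     "path": "/home/bob/.config/google-chrome/Default/Extensions/cccc"},
])

# Constructed threat-intel feed: extension identifier -> label.
# Placeholder values, not real indicators.
SAMPLE_THREAT_INTEL: Dict[str, str] = {
    "cccccccccccccccccccccccccccccccc": "placeholder-malicious-family",
}


def load_rows(osquery_json: str) -> List[Dict[str, str]]:
    """Parse `osqueryi --json` output, which is a JSON array of row objects."""
    rows = json.loads(osquery_json)
    if not isinstance(rows, list) or not all(isinstance(r, dict) for r in rows):
        raise ValueError("unexpected osquery output shape")
    return rows


def find_flagged_extensions(rows: List[Dict[str, str]],
                            intel: Dict[str, str]) -> List[Dict[str, str]]:
    """Return one finding per (user, extension) whose identifier is in the feed.

    Identifiers are normalised to lowercase so a differently cased row still
    matches; one finding per uid keeps the removal step per-user.
    """
    findings = []
    for row in rows:
        ident = row.get("identifier", "").strip().lower()
        if ident in intel:
            findings.append({
                "uid": row.get("uid", ""),
                "identifier": ident,
                "name": row.get("name", ""),
                "version": row.get("version", ""),
                "path": row.get("path", ""),
                "label": intel[ident],
            })
    return findings


def affected_users(findings: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group flagged extension identifiers by uid for the clean-up list."""
    by_user: Dict[str, List[str]] = {}
    for f in findings:
        by_user.setdefault(f["uid"], []).append(f["identifier"])
    return by_user


def run_osqueryi(sql: str) -> List[Dict[str, str]]:
    """Run the query on the local host through osqueryi (requires osquery installed)."""
    result = subprocess.run(["osqueryi", "--json", sql],
                            check=True, capture_output=True, text=True)
    return load_rows(result.stdout)


if __name__ == "__main__":
    rows = load_rows(SAMPLE_OSQUERY_OUTPUT)   # swap for run_osqueryi(EXTENSION_QUERY)
    for finding in find_flagged_extensions(rows, SAMPLE_THREAT_INTEL):
        print(finding)
```

On a fleet, the same query is scheduled by osqueryd and the rows are shipped to a central log, where the comparison above runs over every endpoint's inventory rather than one machine at a time.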
The osquery developer kit for Windows comes with detailed documentation, a development environment and a single setup script to get you started. Once it is installed, you can run SQL queries to start monitoring your network.