Unfortunately, if you were hoping for a clean shot where you wouldn’t need to be a subject matter expert on various parts of the systems you need to audit AND the osquery server’s moving parts… ur in teh rong biz/are perhaps in need of reminding what that ‘engineer’ part refers to when the whole world has done gone SRE/DevOps-y for a while now.

Bundling Grafana/Prometheus/OpenSearch behind its osquery service gave us flexible options at an enterprise scale, but that’s admittedly a lot of stack if you’re looking at setting up the ~dozen or so core moving parts (our Terraform apply is ~250 AWS resources between all the alarms and backups and secure infra configs and tweaks and customizations we’ve built up).

I won’t spend too many characters on ‘feelings’ about this whole CIS thing, I think I got enough of that out of my system, so in this post we’ll elaborate on the client and server and the data moving parts of actually shipping those checks.

As we use Zentral to get the job done, it’s what I’ll be referencing a bunch in this post.

‘Observability’ and ‘governance’ are my favorite buzzwords of late, because the Reporting Structure Above incentivizes us Client Platform Engineers to display the slog of busywork we ship when preparing for being audited as it immediately turns into proof of a compliant state – in being rigorous, we mix in things that prove we’re doing our actual job, and the org validates that every effort is proven to be worthwhile or dashboards wouldn’t need to be looked at.

You’ve watched my MDOYVR presentation, but instead of being able to draw an owl, you’re concerned about standing up an osquery query distribution stack in production (unfortunately not what we’ll cover in this post, sorry!) and actually doing the job of visualizing the data.