Zentral is an Osquery powerhouse with GitOps workflows, Audit trail events and ready-to-go Compliance Checks.
To augment your inventory with information from Osquery, you don’t even have to write your own queries: For supported platforms (macOS, Windows, Debian/Ubuntu) Zentral does it for you and gathers system info, OS, apps and network interfaces automatically and inserts them into the unified inventory.
When changes are detected, normalized events are emitted and attached to the respective machines for auditing.
Osquery queries can be used to do Compliance Checks on your fleet. You can leverage Osquery’s relational data model and create your custom Compliance Checks for your endpoints. Zentral will then automatically update the status of compliance for each machine every time updates are received. When the status of compliance changes, Zentral emits an Event and metrics are published that can be used to graph the health of your fleet over time. Compliance Check statuses are also available in the GUI as filters or in the XLS/CSV reports.
Use the official Zentral Terraform module to manage the Osquery configurations, enrollments, packs and queries. This integration is perfect for a CI/CD system: protect your main branch, set up mandatory code reviews and dry-runs for the pull requests to improve the security and reliability of your configuration. Zentral will generate audit events for each configuration change.
Lower level API endpoints are also available if you want to build a custom workflow.
Use pack routing keys and our advanced event store filtering to ship only the events that are relevant to your favorite (and probably expensive) SIEM and save cost.
The extra inventory data that Zentral adds to each event will help your InfoSec team to identify the corresponding machine. For example, the Asset ID or groups from your MDM solution can be added to the osquery results metadata.
We manage the agent with you:
Some queries are straightforward. We help you get the ones that are not trivial to solve right.
Implement a CI/CD workflow for Osquery configurations, enrollments, packs and queries with your tool (GitLab, GitHub, …).