Excalibur is inspired from Doorman which is an osquery fleet manager that allows administrators to remotely manage the osquery configurations retrieved by nodes.
The aim is simple for now. Harness the power of osquery and perform Malware analysis using third party API (Virus Total etc.)
- OsQuery
- Kafka
- Mojolicious Web Framwork (Perl)
- PostgreSQL or any NoSQL - Database
- Microsoft Teams/ Slack API for notification
- OpenAPI/ Swagger
- React.js/Vue.js for UI
https://www.uptycs.com/blog/deploying-osquery-at-scale-a-comprehensive-list-of-open-source-tools https://holdmybeersecurity.com/2019/04/25/detecting-malicious-downloads-with-osquery-rsyslog-kafka-python3-and-virustotal/