In this blog I want to take you on the continuation of my journey of discovery.
This blog is part 2; the first part of my journey concluded with my first blog ever. 🎉
This journey is to answer the following research question:
How can I visualize the relationships between Osquery tables for data enrichment?
My personal motivation for wanting to answer this question is that visualizing the connections between Osquery tables can help you fully understand and leverage its capabilities!
This is even more important in security incidents, where time is short.
In an incident you want to enrich your data and gather as much evidence as possible in a short time.
Threat hunting is another example.
An example use case on Windows is, based on the logged on users, which users interacted with an…