incident investigation - Tagged - Security Boulevard

Investigating Threat Alerts with Osquery: Understanding Threat Surface & Risk

The Uptycs Threat Intelligence team is responsible for providing a high quality, curated, and current Threat Intelligence feed to the Uptycs product. In order to deliver the threat feed, the team evaluates ...

Why Real Time Threat Intelligence Isn’t Enough

Detecting security threats is difficult work, now more so than ever. Our threat intelligence tools are playing catch-up with increasingly sophisticated attack vectors, including polymorphic malware, quick-turn domains and other turn-on-a-dime attack ...

Building Your First Incident Response Policy: A Practical Guide for Beginners

It only makes sense to assume that sooner or later your company will have to handle a security incident and the subsequent recovery from any damage caused. Creating an incident response policy ...

Demisto & Uptycs: Orchestrating Incident Response Activities

Orchestration engines such as Demisto give security professionals the freedom to integrate multiple services into coordinated, automated workflows. Simple REST APIs allow the transfer of data from one application or service to ...

Hardening defenses with MITRE ATT&CK and osquery: Lessons from Singapore Health Breach

There's a big disconnect between best practice frameworks and the real-life nitty gritty. Many of these frameworks broadly approach the overarching principles that a robust security program should encompass and why these ...

Detecting Malicious Packages in Repositories like PyPI: Using Osquery for Complete Software Inventory

Many systems make installing third-party software incredibly convenient; from packaging systems and well-loved Linux distribution tools like Debian Apt to app stores and per-language repositories. Users are also often allowed ...

[Video] Incident Investigation with Uptycs and Osquery

This video features Pat Haley, our Principal Sales Engineer, walking through the strengths and challenges of osquery, how osquery can be used for incident investigations, and how Uptycs can add value to ...

Checking MDS/Zombieload Mitigations on macOS with Osquery

As part of a pretty crazy week (Microsoft/RDS, Apple/Mojave/High Sierra, Adobe Acrobat/Flash Player) when it comes to security updates, some new speculative execution vulnerabilities were disclosed and fixed ...

Threat Hunting with Osquery: 5 macOS Malware Techniques & How to Find Them

This previous blog post explored ways to use osquery for macOS malware analysis. Using the same methodology introduced there, we analyzed five additional macOS malware variants and recorded their behavior to understand ...

3 Reasons Osquery Should Be On Every Incident Responder's Christmas List

2018 marks the first full year in which Uptycs, the company created to bring Facebook’s open source osquery agent to widespread commercial adoption, has had its turnkey security analytics platform in the ...