logo

Announcing the Zeek Agent

(This posting is cross-posted between the Zeek blog and the Trail of Bits blog). The Zeek Network Security Monitor provides a powerful open-source platform for network traffic analysis. However, from its network ...
The results of a query on ntfs_journal_events

Real-time file monitoring on Windows with osquery

| | osquery
TL;DR: Trail of Bits has developed ntfs_journal_events, a new event-based osquery table for Windows that enables real-time file change monitoring. You can use this table today to performantly monitor changes to specific ...

Investigating Threat Alerts with Osquery: Understanding Threat Surface & Risk

The Uptycs Threat Intelligence team is responsible for providing a high quality, curated, and current Threat Intelligence feed to the Uptycs product. In order to deliver the threat feed, the team evaluates ...

Announcing the osquery@scale Conference

| | osquery
Osquery has become a popular tooling for endpoint-based security analytics. The user community is thriving and vibrant as reflected in GitHub security showcase and osquery slack channel activity. There are many organizations, ...
Panel Discussion: the osquery Foundation

QueryCon 2019: A Turning Point for osquery

Has it really been 3 months since Trail of Bits hosted QueryCon? We’ve had such a busy and productive summer that we nearly forgot to go back and reflect on the success ...

[Infographic] macOS Native Security Configurations and osquery

Be it for macOS or my dog eating out of the trash, there is no such thing as a bullet-proof security policy. It’s all about creating a threshold of standards- something to ...

Performant Osquery – Enterprise-grade Osquery at Scale Considerations

In this blog post I’ll cover osquery’s ability to provide performant behavior and its capabilities to excel at enterprise grade requirements. Many observations covered in this blog will highlight various capabilities of ...

Osquery Security Use Cases and Solutions

Osquery has become a popular source of instrumentation for a wide variety of use cases. On github security showcase, it is currently among the top most popular open source security projects. Given ...

Detecting Malicious Packages in Repositories like PyPI: Using Osquery for Complete Software Inventory

Many systems make installing 3rd party software incredibly convenient; from packaging systems and well loved Linux distribution tools like Debian Apt to app stores and per-language repositories. Users are also often allowed ...

[Video] Incident Investigation with Uptycs and Osquery

This video features Pat Haley, our Principal Sales Engineer, walking through the strengths + challenges of osquery, how osquery can be used for incident investigations, and how Uptycs can add value to ...