Uptycs Blog

Welcome! The Uptycs blog is for security professionals and osquery enthusiasts interested in exploring new ideas in cloud security. We hope you’ll enjoy our blog enough to subscribe and share.

Doug Wilson

Doug Wilson

Douglas (Doug) Wilson is the Director of Security at Uptycs. He has spent a large amount of his career advocating for open tools, organizations, and standards. He was formerly the spokesperson for OpenIOC, and helped to found and run OWASP DC. He has over 18 years of experience in a variety of Information Security and Technology positions. When not attached to a computer or traveling, he can be found at Scotch tastings, riding his bike around DC, and reliving his youth through cheering on the DC Breeze Pro Ultimate team.

Free Osquery Training Course Now On-Demand

Free Osquery Training Course Now On-Demand

I’m excited to share that we have just released free online training to introduce you to osquery. Our goal was to combine quick setup and hands on labs with complete accessibility, so that anyone who wanted to give osquery a try, could.

Osquery In Action: Where and When to Apply "Threat Intel"

Osquery In Action: Where and When to Apply

Osquery Security Solutions: Build or Buy?

Osquery Security Solutions: Build or Buy?

Late last week, Chris Sanders (@chrissanders88), a former FireEye colleague, posted an interesting "lunchtime poll":

Open-source hasn't disrupted security...yet

Open-source hasn't disrupted security...yet

I’ve written before about how I feel open-source technology will prove disruptive in the security industry. Having recently returned from a week in San Francisco for B-Sides SF & RSA, which is known as the annual pilgrimage for "Infosec Sales," I feel that way now more than ever. The growth in adoption of open-source technologies may indicate that people are starting to get more comfortable with the concept or ability of their still being enough room for innovation that companies can charge for what they develop on top of “free” open-source projects. Coming back from the premier sales conference for the information security industry is a great showcase for why I’ve come away with that thought. Let's explore...

SQL introduction for osquery

SQL introduction for osquery

SQL (Structured Query Language) will be in its mid-forties later this month having been introduced by its creators Donald Chamberlin and Raymond Boyce in the 1970s. Given its age, it isn’t so hard to understand how the 2017 Stack Overflow Developers Survey uncovered that SQL is the second-most common programming language, used by 50% of developers and beaten only by JavaScript. 

6 Tasks for Basic macOS system monitoring with osquery [Video]

6 Tasks for Basic macOS system monitoring with osquery [Video]

Osquery offers introspection capabilities for macOS that were previously difficult to achieve. Osquery uses a universal agent to collect and return a nearly unlimited amount of endpoint data that can then be queried like a database using SQL. For macOS system administrators, this opens up a world of quickly accessible system monitoring capabilities that we'll explore here today.    

In this post and video (click here to skip ahead to the video), we'll review some of the basic tasks for macOS system monitoring with osquery (osquery can be used for Linux and Windows as well, but because macOS was previously so underserved, I'm focusing there. Most commands we'll review will be the same or similar for other systems).

What we'll cover: 

Page 1 of 3: