Uptycs Blog

Welcome! The Uptycs blog is for security professionals and osquery enthusiasts interested in exploring new ideas in cloud security. We hope you’ll enjoy our blog enough to subscribe and share.

Detecting the SolarWinds supply chain attack using osquery and Uptycs

On December 13, FireEye shared details on the SolarWinds supply chain attack, dubbed SUNBURST. The next day, Volexity shared additional information on the lateral movement and exfiltration activities of the attackers.

Osquery: What it is, how it works, and how to use it

Maintaining visibility into infrastructure and operating systems is critical for all organizations today—compliance, security, and your bottom line depend on it.

Using osquery to monitor third-party system extensions for IT compliance

Monitoring system-level kernel extensions, modules, and drivers across all three major desktop platforms is a great way to ensure IT compliance, with a sprinkling of security investigation if you uncover something interesting.
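As an added illustration (not from the linked post), the three queries below show how that monitoring looks in osquery's SQL. They use the standard `kernel_extensions` (macOS), `kernel_modules` (Linux) and `drivers` (Windows) tables; the `LIKE` filters on the `com.apple.` name prefix and the `Microsoft` provider are assumed heuristics for separating vendor-shipped code from third-party code, and the Linux module allowlist is a constructed baseline you would replace with your own. Run each in `osqueryi` on the matching platform or schedule it in a query pack.

```sql
-- Added example: per-platform osquery queries for third-party kernel-level code.

-- macOS: loaded kernel extensions whose bundle ID is not under Apple's prefix.
-- Assumption: first-party kexts are identified by the 'com.apple.' name prefix.
SELECT name, version, path, refs
FROM kernel_extensions
WHERE name NOT LIKE 'com.apple.%';

-- Linux: loaded kernel modules that are not on an approved baseline.
-- Assumption: the baseline below is a constructed placeholder, not a real policy.
SELECT name, size, used_by, status
FROM kernel_modules
WHERE name NOT IN (
    'ext4', 'xfs', 'overlay', 'br_netfilter', 'nf_conntrack', 'virtio_net'
);

-- Windows: installed drivers not provided by Microsoft, with signing metadata.
-- Assumption: the provider string identifies vendor-shipped drivers.
SELECT device_name, image, provider, version, date
FROM drivers
WHERE provider NOT LIKE 'Microsoft%'
ORDER BY provider, device_name;
```

Differential scheduling (the osquery default) turns each of these into an event stream: a new row is a newly loaded extension, module or driver to reconcile against change tickets, and a removed row is one that was unloaded. Check the column list against the schema of your osquery version before deploying, since table columns change between releases.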

Warzone RAT comes with UAC bypass technique

Uptycs' threat research team identified an XLS document that downloaded a malicious payload known as Warzone RAT. The payload, also called "Ave Maria stealer," can steal credentials and log keystrokes on the victim's machine. Check Point documented Warzone early this year, when the malware was still at an early stage of development.

Uptycs EDR for Linux: Detection and visibility all the way through

Despite the fact that Linux server endpoints comprise 90% of cloud workloads and a majority of on-premises enterprise workloads, they don’t usually get as much attention as productivity endpoints. Most EDR solutions focus on end users and don’t meet the unique requirements for production Linux servers, such as the need for 100% uptime and low resource consumption.

Fast, consolidated, and context-rich detections from Uptycs will keep security analysts sane

Today, Uptycs is introducing enhanced detection capabilities, including a new detections UI that correlates signals (events and alerts), assigns a composite threat score, and maps the associated signals to the MITRE ATT&CK matrix. This new experience equips analysts with the context they need to quickly triage their detections queue without feeling like they’re missing anything. Watch the demo video below to see the new functionality in action.
