Uptycs Blog

Welcome! The Uptycs blog is for security professionals and osquery enthusiasts interested in exploring new ideas in cloud security. We hope you’ll enjoy our blog enough to subscribe and share.

Get started using osquery for container security

Get started using osquery for container security

The following is adapted from Ryan Mack’s talk “Containers and osquery,” presented at osquery@scale ‘21. Ryan’s full presentation is available at the end of this piece.

We need as much visibility as possible into everything going on in our containers to effectively detect security problems in container-based environments. We also need to apply the unique properties of containers to create high-fidelity detection rules.

Osquery can meet both of these needs.

Use cloudquery and osquery to simplify your cloud monitoring

Use cloudquery and osquery to simplify your cloud monitoring

With the shift toward cloud computing, many organizations have at least some footprint in the cloud. Thus it becomes important to secure both your on-prem and cloud infrastructure.

Cloudquery, which runs as an extension of osquery, simplifies the visualization and monitoring of all your cloud resources. It creates a seamless integration of cloud telemetry with the rest of your osquery-powered telemetry.

Sudo local privilege escalation (CVE-2021-3156) detection using osquery and Uptycs

Sudo local privilege escalation (CVE-2021-3156) detection using osquery and Uptycs

Recently a heap-based buffer overflow vulnerability was discovered in the sudo utility by Qualys. Sudo is a command-line utility that allows a user to run commands in the context of other users with proper authentication. The vulnerability lets any user escalate the privileges to the root user. Qualys has shared technical details in their blog post, so in this post I’ll focus on how osquery and Uptycs can be used to detect the exploit and unpatched systems

Kubequery brings the power of osquery to Kubernetes clusters

Kubequery brings the power of osquery to Kubernetes clusters

Osquery has made a tremendous positive impact in the fields of operating system observability and security analytics. It is widely used for fleet management, incident response, real-time monitoring, and for numerous other cases. While osquery became a de facto standard for IT and security teams in many organizations, Kubernetes (K8s) was emerging as a popular platform for containerized application orchestration and deployment.

Lateral movement correlation within Uptycs EDR

Lateral movement correlation within Uptycs EDR

One of the nice features of Uptycs’ EDR functionality is its ability to correlate lateral movement activity during the progression of an attack across the systems within an organization’s infrastructure.

Discussing the future of osquery with Enterprise Security Weekly

Discussing the future of osquery with Enterprise Security Weekly

Osquery has grown in popularity because of its broad applicability in enterprise environments. What’s next for the open source project?

Page 5 of 23: