Uptycs Blog

Welcome! The Uptycs blog is for security professionals and osquery enthusiasts interested in exploring new ideas in cloud security. We hope you’ll enjoy our blog enough to subscribe and share.

Silver Sparrow macOS malware detection with Uptycs

Silver Sparrow macOS malware detection with Uptycs

Late last week cybersecurity company Red Canary published an article revealing a new strain of macOS malware they discovered. Looking at data provided by Malwarebytes they determined that this new malware, which they dubbed “Silver Sparrow,” had already infected nearly 30,000 macOS endpoints around the world.

Get started using osquery for container security

Get started using osquery for container security

The following is adapted from Ryan Mack’s talk “Containers and osquery,” presented at osquery@scale ‘21. Ryan’s full presentation is available at the end of this piece.

We need as much visibility as possible into everything going on in our containers to effectively detect security problems in container-based environments. We also need to apply the unique properties of containers to create high-fidelity detection rules.

Osquery can meet both of these needs.

Use cloudquery and osquery to simplify your cloud monitoring

Use cloudquery and osquery to simplify your cloud monitoring

With the shift toward cloud computing, many organizations have at least some footprint in the cloud. Thus it becomes important to secure both your on-prem and cloud infrastructure.

Cloudquery, which runs as an extension of osquery, simplifies the visualization and monitoring of all your cloud resources. It creates a seamless integration of cloud telemetry with the rest of your osquery-powered telemetry.

Kubequery brings the power of osquery to Kubernetes clusters

Kubequery brings the power of osquery to Kubernetes clusters

Osquery has made a tremendous positive impact in the fields of operating system observability and security analytics. It is widely used for fleet management, incident response, real-time monitoring, and for numerous other cases. While osquery became a de facto standard for IT and security teams in many organizations, Kubernetes (K8s) was emerging as a popular platform for containerized application orchestration and deployment.

Discussing the future of osquery with Enterprise Security Weekly

Discussing the future of osquery with Enterprise Security Weekly

Osquery has grown in popularity because of its broad applicability in enterprise environments. What’s next for the open source project?

You should be using AWS IMDSv2: Here’s why and how to do it

You should be using AWS IMDSv2: Here’s why and how to do it

Organizations should transition EC2 instances to use Instance Metadata Service Version 2 (IMDSv2) because IMDSv1 is susceptible to server-side request forgery (SSRF) attacks. Uptycs customers should be cautious about enabling the curl table in osquery. Uptycs has updated our version of osquery to work with IMDSv2, and we’ve implemented a rule to help customers identify EC2 instances using the vulnerable metadata service.

Page 1 of 11: