Uptycs for Incident Investigation

Uptycs and Osquery

Uptycs leverages the osquery agent for its breadth of data, making it fast and manageable to deploy at scale. In addition to the rich data set osquery offers, Uptycs for Incident Investigation enables live querying at scale, complete historical state recreation, integrated third-party threat intelligence, and an open API for straightforward integration with your existing security ecosystem.


Reconstruct History for Thorough Incident Investigation

Go Back in Time with Uptycs Flight Recorder

Most incidents or threats come to our attention after they have already occurred. Add to that the short-lived, sporadic nature of cloud workloads and you can see why recreating the past is a requirement of modern incident investigation. The Uptycs Flight Recorder combines innovative differential change and compression algorithms with a unique storage schema to support the reconstruction of the state of a machine at any point in history in just seconds.

Automate Common Investigation Tasks

SQL Powered Notebooks

Our Dashbook technology allows you to create "notebooks" with cells powered by SQL queries. Analogous to spreadsheets where cells are powered by macros, our Dashbooks allow you to capture, reuse, and share entire incident investigation queries in a single place.

No Proprietary Language to Learn

Powered by industry standard SQL

Uptycs makes its entire database of historical endpoint state data accessible using industry standard SQL. Combined with the ability to seamlessly switch to accessing endpoint data in real time using osquery, Uptycs allows for the entire incident investigation process to be conducted in industry standard SQL, without requiring you to master a proprietary query language.

About osquery

osquery is a universal endpoint agent that allows you to easily ask questions about your Linux, Windows and macOS infrastructure using industry standard SQL syntax. Whether your goal is fleet visibility, intrusion detection, vulnerability monitoring or compliance management, osquery gives you the ability to empower and inform a broad set of organizations within your company.