Breach > ATT&CK > Osquery
In this on-demand webinar, we will look at findings of detailed reports from real-world breaches and map them to the MITRE ATT&CK framework in order to understand if our defenses are effective. We will then look to see how we can monitor our systems with the open-source and cross-platform tool Osquery in order to detect such breaches on Windows, Mac, and Linux.
Hosted by Guillaume Ross
Guillaume is a Principal Security Researcher at Uptycs. With experience as a security architect and consultant and in managing security operations, he loves to find ways to help organizations prevent attacks and reduce the noise that security and IT teams are subjected to.
What is osquery?
Osquery is an open-source, cross-platform agent that turns your operating system into a virtual database, letting you leverage the power of the SQL language to ask anything of your system. Over 200 tables let you understand what processes are running, what users are logged in, where the machine is connected, what files are on disk and much, much more. Due to its flexibility and power, it makes an amazing tool for threat hunting, security monitoring, and even IT operations.
Where can I find more info about osquery + ATT&CK?
The topic of this webinar stems from a project that Guillaume has been working on since early 2019. While the project is unfinished, he continues to update and tailor the presentation to fit the interests of, and provide value to, audiences at conferences such as:
- 2019 MacAdmins Conference
- SANS Security Operations Summit 2019
- DEF CON 27
Guillaume's presentation at the SANS SOC Summit 2019 earned him accolades in the "Staff Picks for Splunk Security Reading June 2019".
If this topic is of interest to you and/or your team, we encourage you to explore the work of Filippo Mottini (GitHub/Twitter: @teoseller). Filippo has gradually been working on mapping the MITRE ATT&CK Matrix to osquery and then creating query packs that can be used for osquery enterprise threat hunting. Learn more about this project here.
How do I learn more about the Uptycs Osquery-Powered Security Analytics Platform?