On-Demand Webinar:
In this on-demand webinar, we will look at findings from detailed reports on real-world breaches and map them to the MITRE ATT&CK framework to assess whether our defenses are effective. We will then look at how we can monitor our systems with Osquery, an open-source, cross-platform tool, in order to detect such breaches on Windows, Mac, and Linux.
Hosted by Guillaume Ross
Guillaume is a Principal Security Researcher at Uptycs. With experience as a security architect and consultant, and in managing security operations, he loves to find ways to help organizations prevent attacks and reduce the noise that security and IT teams are subjected to.
I’m enjoying listening to Guillaume Ross from @uptycs give his take on Osquery. If you want to learn more about Osquery, I think @DefensiveDepth course on the topic is the best resource available. #SOCSummit https://t.co/ZOYf8JM0yZ pic.twitter.com/ChJZ1Y8EYr
— Chris Sanders (@chrissanders88) June 25, 2019
.@gepeto42 seriously knows his stuff on osquery! https://t.co/fLRzqbjf0J
— Eric Capuano (@eric_capuano) July 3, 2019
Osquery is an open-source, cross-platform agent that turns your operating system into a virtual database, letting you use SQL to ask almost anything about your system. Over 200 tables let you see which processes are running, which users are logged in, where the machine is connected, what files are on disk and much, much more. Because of that flexibility and power, it is an excellent tool for threat hunting, security monitoring, and even IT operations.
The topic of this webinar stems from a project that Guillaume has been working on since early 2019. While the project is unfinished, he continues to update and tailor the presentation to fit the interests of, and provide value to, audiences at conferences such as:
Guillaume's presentation at the SANS SOC Summit 2019 earned him accolades in the "Staff Picks for Splunk Security Reading June 2019".
If this topic is of interest to you and/or your team, we encourage you to explore the work of Filippo Mottini (GitHub/Twitter: @teoseller). Filippo has gradually been mapping the MITRE ATT&CK Matrix to osquery and creating query packs that can be used for enterprise threat hunting with osquery. Learn more about this project here.
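To make the idea of ATT&CK-mapped query packs concrete, here is a small pack in osquery's own pack configuration format. It is an added illustration for this page, not code from the webinar, from Uptycs, or from Filippo Mottini's project. The pack name, query names, intervals and the ATT&CK technique choices in the descriptions are our own assumptions; the tables and columns used (processes, process_open_sockets, users, logged_in_users) are standard osquery tables. The first query hunts for a process that still holds an outbound network connection although its executable has been deleted from disk, a pattern typical of in-memory malware; the second takes a differential snapshot of interactive logins so that new sessions show up as "added" rows in the scheduled-query results.

```json
{
  "version": "4.0.0",
  "queries": {
    "process_with_deleted_binary_and_socket": {
      "query": "SELECT p.pid, p.name, p.path, p.cmdline, p.parent, u.username, s.remote_address, s.remote_port FROM processes AS p JOIN process_open_sockets AS s ON s.pid = p.pid LEFT JOIN users AS u ON u.uid = p.uid WHERE p.on_disk = 0 AND s.remote_port > 0;",
      "interval": 300,
      "platform": "posix",
      "description": "Illustrative hunt (assumed mapping): processes whose binary is no longer on disk but that have a live remote connection. Mapped here to ATT&CK T1070.004 Indicator Removal: File Deletion."
    },
    "interactive_logins": {
      "query": "SELECT type, user, tty, host, time, pid FROM logged_in_users;",
      "interval": 60,
      "description": "Illustrative differential query (assumed mapping): rows reported as 'added' are new logins to review against ATT&CK T1078 Valid Accounts."
    }
  }
}
```

Saved as a file such as /etc/osquery/packs/attack_hunts.conf (path assumed), the pack is loaded by referencing it in the "packs" section of osquery.conf, e.g. "packs": {"attack_hunts": "/etc/osquery/packs/attack_hunts.conf"}; osqueryd then schedules each query at its interval and logs added and removed rows, which is what a detection pipeline consumes. Either query can also be pasted into osqueryi to run it interactively while tuning it.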
The best way to learn about Uptycs is to reach out and request a demo.