Osquery: A Modern Approach to CSIRT Analytics

  • Webcast Aired Wednesday, 20 Mar 2019 3:30PM EDT (20 Mar 2019 19:30 UTC)
  • Speakers: Dave Shackleford, Milan Shah

Speed to detection and the ability to provide a comprehensive view of breached systems are the bread and butter of modern CSIRTs. However, getting a reliable, comprehensive and consolidated view of high-fidelity system data can often be a frustrating barrier to reducing dwell time and activating remediation and communication plans.

Join Milan Shah, Uptycs Co-Founder and CTO, as he explores how the open source, universal agent, osquery, is providing a 'single view of the truth' with a comprehensive data set inclusive of 100s of system attributes across operating systems, containers and cloud workloads. Then, see how Uptycs' Osquery-Powered Security Analytics Platform further enhances incident investigation with query speeds that match your train of thought, complete historical state recreation, hundreds of performance-optimized pre-scheduled queries for continuous monitoring, and more.

Attendees of this webinar will gain an understanding of:

  • How osquery works, and what data it collects
  • How osquery would fit into a comprehensive IR capability (integration with existing tooling, required team skills, etc.)
  • How Uptycs reduces the time and costs associated with deploying osquery at scale