Setup & Configuration
Manual Uninstall of Uptycs Protect on MAC
Uninstallation of Uptycs Protect on MAC: 1. First, unload the osquery daemon from the terminal by executing the commands below: sudo launchctl unload /Library/LaunchDaemons/com.facebook.osqueryd.plist sudo rm -rf private/var/osquery ...
Verify eBPF on endpoints
There are many ways by which you can confirm if an asset has eBPF enabled or osquery is running in eBPF mode. Check if the asset has eBPF enabled using realtime query : select (count(*) != 0) as ebpf_enabled from ebpf_dedup_stats; Generally the count ...
Osquery and other Antimalware and AV products
As a general recommendation, it is a best practice to follow the below exclusions from monitoring by AV and antimalware products : Windows - Exclude osquery folder : " C:\Program Files\Uptycs\osquery " Linux - Exclude osqueryd path : " ...
Osquery Upgrade via API
Introduction Uptycs provides an Osquery upgrade API call (assets/upgradeOsquery) to assist you with upgrading the Osquery agent on your assets along with the GUI functionality. Different Ways To Update Assets: 1.) Updating assets manually: - You can ...
Install Uptycs Protect (AIX) without process blocking
Currently, process blocking and DNS blocking are not supported by the Uptycs Protect installation on AIX. Thus, after the installation, the steps below need to be followed to install the Uptycs Protect sensor. The method of procedure below describes the step ...
Install Uptycs Protect on MacOS by MDMDeployment
This article focuses on the deployment of configuration profiles to install Uptycs Protect using an MDM provider on macOS. Notably, it does not explore the distribution of installation packages. For ...
Installing Uptycs Protect using Jamf Pro
Overview This document outlines the procedure on how to install the Uptycs Protect agent on macOS using Jamf. If you are already familiar with Jamf, please use the attached UptycsProtect.plist and UptycsProtect.mobileconfig files to set up Uptycs ...
Installing OSQuery using Jamf Pro
Overview This document outlines the procedure on how to install the Uptycs osquery agent on macOS using Jamf. If you are already familiar with Jamf, please use the attached UptycsOsquery.plist and UptycsOsquery.mobileconfig files to set up Uptycs ...
Default permissions assigned to a role
The following permissions are the minimal permissions and are assigned to a role by default even if they are not provisioned. ALERT_RULE:READ ALERT:READ API_KEY:READ ASSET:READ ASSET_CLOUD_INSTANCES:READ ASSET_GROUP_RULE:READ ATC_QUERY:READ AUDIT_RULE:READ ...
Provisioning roles through Uptycs portal
Overview Starting with Uptycs portal release 46025, Uptycs provides entity level granular user permissions through roles. Roles can be provisioned / modified by navigating to Roles GUI / API. This document outlines the process to create roles using ...
Tips for designing Investigate query parameters
Query parameters allow users to create variables to be used in an individual query and can be referenced multiple times within the query. This feature facilitates writing queries that often refer to changing values the user would otherwise have to ...
Guidelines for SQL Alerts Rules / Events Rules / Scheduled Queries
Consider the time it takes for events / data to show up in the back-end. On the Uptycs portal, data should be visible on the backend in less than 6 minutes. Note: a 6 min delay is already coded in for the :from and :to variables. upt_server_time BETWEEN :from AND ...
osqueryd Flags and command line guide
$ sudo osqueryd --help Password: osquery 3.3.2.45-Uptycs, your OS as a high-performance relational database Usage: osqueryd [OPTION]... osquery command line flags: --flagfile PATH Line-delimited file of additional flags --D Run as a daemon process ...
How To Limit Endpoint Resource Utilization
Introduction The Uptycs osquery agent is designed for low resource utilization on your endpoints; however, there may still be some cases where you need to limit resource utilization, and this article describes how. Watchdog 'Configuration -> Flag ...
Steps to manually install/uninstall Osquery on Ubuntu based Linux
Overview This document outlines the procedure on how to install/uninstall osquery on Ubuntu-based Linux. Procedure Installation Download the installer. Copy the Ubuntu installer (osquery-<version>-deb) to the endpoint (to a directory such as /tmp) cp ...
Installing Uptycs Agent on MacOS using JAMF
Overview This document outlines the procedure on how to install the Uptycs osquery agent on macOS using JAMF. Procedure Installation Download the installer. Login to JAMF. You must have a JAMF Plus plan to be able to deploy custom macOS packages ...
Steps to manually install/uninstall on CentOS/RHEL
Overview This document outlines the procedure to install or uninstall the Uptycs osquery agent on a CentOS/RHEL system that uses systemd. You may choose to use either rpm or yum based on your environment standards. Procedure Installation with rpm ...
Steps to manually install/uninstall Osquery on CentOS Linux
Overview This document outlines the procedure on how to install/uninstall osquery on CentOS-based Linux. Procedure Installation Download the installer. Copy the Ubuntu installer (osquery-<version>-rpm) to the endpoint (to a directory such as /tmp) cp ...
Flag configuration for Multiple Proxy Support
Support for multiple proxies was introduced in Osquery version 3.2.6.40 and above. Multiple proxies can be set up through the flag profile. The list of proxies is specified as a comma-separated list. Osquery will attempt to go ...
Osquery Flag configuration to use HTTP Proxy in Windows assets
By default, osquery on a Windows asset checks whether it can reach the Uptycs cloud before sending an enrollment request. If it is able to connect, it continues without using any proxy. If the above connection attempt fails, 1) Then osquery ...
Proxy support
Overview Uptycs agent (osquery) needs cloud connectivity to function properly. However, endpoints might not be accessing the internet directly. A lot of scenarios have emerged where the endpoint uses proxy servers to connect to internet. This is ...
Auto tagging using global query
This article provides details on how to create auto tag rules using a global query. Currently, auto tagging using a global query can be achieved using the API only. A GUI-based solution will be available in release 77. Global query based auto tag rules can ...
Steps to manually install / uninstall osquery on an Ubuntu system
Overview This document outlines the procedure on how to install / uninstall osquery on an Ubuntu system. Procedure Installation sudo dpkg -i osquery-<version>-Uptycs.deb Uninstall sudo service osqueryd stop sudo apt-get remove osquery # Cleanup ...
How to download Uptycs agent
Overview This document outlines the procedure to download the Uptycs agent (osquery) for different OSes. Details 1: Log in to the Uptycs portal 2: Click on the Uptycs icon on the left pane of the screen and click on Software Download: 3: We provide separate ...
Operating System versions supported by Uptycs OSquery agent
This article lists the operating systems on which Osquery has been successfully tested in our labs. Legend: U - Ubuntu C - CentOS R - RHEL W - Windows M - MacOS D - Debian A - Amazon AMI Osquery version U 14 U 16 U 18 C 6 C 7 C 8 R 5 R 6 R 7 R 8 A 2 2018 ...
Creating a custom Yum Repo that contains Uptycs
Overview This document details steps to create a custom yum repository containing the Uptycs osquery agent. Procedure Note : Steps provided below can be placed into a Chef recipe. # get the createrepo package (if not installed already) yum -y install ...
Install Uptycs agent with Chef
Overview This document outlines the steps / procedure to install the Uptycs osquery agent using Chef. Pre-requisite(s) yum repo containing Uptycs - Creating a custom Yum Repo that contains Uptycs Details The following Chef recipe can be used to install the ...
Installing Uptycs osquery on Kubernetes
Copy your YAML manifest file (uptycs_osq_daemonset_<customer>.yaml) to the Kubernetes client machine (a machine with the kubectl command). 1. Create the daemon set using the following command: kubectl create -f ...
Installing osquery on MacOS Catalina if error "Apple cannot check it for malicious software"
If the installation on MacOS Catalina fails with the error "osquery-v-xxxxx-Uptycs-darwin.pkg can't be opened because Apple cannot check it for malicious software", then download the agent without flags & secret ... and install it. Then download the ...
Steps to manually install/uninstall osquery on a Windows system
Overview This document outlines the procedure on how to install/uninstall osquery on a Windows system. Procedure Installation Right-click (or double-click) the pkg file and choose "Install". OSquery will self-install. Uninstall Go to the "Control Panel" ...
Announcements
Release notes-Release 106069
June 2, 2022 XDR New Feature Global Threat Intelligence (GTI) Uptycs GTI feature for the Security/SOC analyst to identify threat indicators such as bad IP addresses or suspicious domains, along with evidential data and insightful information from various
Release notes-Release 105051
May 15, 2022 XDR Enhancements Support to attach global rule exceptions to event rules and alert rules automatically based on matching table name. For more information, see Global Rule Exceptions. Kubernetes Security Posture Management (KSPM) Enhancements
Release notes-Release 104065
April 29, 2022 SaaS New Feature Zero Trust Score Capability to specify severity for a compliance check per OS. When a compliance check runs on an endpoint, a zero trust score is calculated by the pass/fail status of the compliance check and the specified
Release notes-Release 103055
April 10, 2022 SaaS New Feature Exploit Tracker New dashboards to monitor Spring Shell and Spring Cloud vulnerabilities. For more information, see Exploit Tracker. Enhancements Bulk enable, disable, or delete Global Rule Exceptions. For more information,
Release notes-Release 102039
March 27, 2022 SaaS New Feature Managed Anti-virus (AV) Dashboard - Beta Managed AV dashboards to monitor Windows defender status and threat history of Windows endpoints. For more information, see Managed AV Dashboards. New Feature Disk Scans - Beta