Gravwell is an enterprise data fusion platform that enables security teams to investigate, collaborate, and analyze data from any source, on demand, all with unlimited data collection and retention. Ingest everything. Investigate anything.
While we are building on findings from our previous videos in this series, our objectives have shifted; namely we are aiming to develop queries which will allow us to discover threat actor activity on a proactive basis.
Data Source:
github.com/KC7-Foundation/kc7_data/tree/main/envolvelabs
Faux Intelligence Report:
github.com/kkneomis/kc7_data/raw/main/envolvelabs/EnvolveLabs%20Training%20Guide%20(Intermediate).pdf
In support of this goal we will not focus on the query logic itself but rather on the findings surfaced by those queries. We will then transition to the Automation "Flows" functionality to show how a query can be translated into an automated notification using no-code workflows.