All Lessons
Skillset Training
Part 0: Introduction - Video 1
Part 1: Understanding A Query - Video 2
Part 2: Operating on Enumerated Fields - Video 3
Part 3: Interacting with Enumerated Fields - Video 4
Part 4: A High Level View - Video 5
Part 5: Advanced Operating on Enumerated Fields - Video 6
Part 6: Finding The Victims - Video 7
Part 7: Hunting For A Phish - Video 8
Platform basics
How-To: Compound Queries & Non-Temporal Joins
Bootcamp course
Bootcamp - Lesson 01
Lessons/Skillset Training/Part 0: Introduction - Video 1

Part 0: Introduction - Video 1

The purpose of this content is to step through basic, common queries that a Security Operations Center analyst might use when trying to orient themselves to their data sources. We will use a series of exploratory queries on tabular data that has been setup with an auto extractor in advance. It is intentionally basic but builds up some basic, important tooling that any analyst will love to have available. We will ultimately build up to a common use case of hunting down the results of a phishing email.
Gravwell is an enterprise data fusion platform that enables security teams to investigate, collaborate, and analyze data from any source, on demand, all with unlimited data collection and retention. Ingest everything. Investigate anything.
TOP