Gravwell is an enterprise data fusion platform that enables security teams to investigate, collaborate, and analyze data from any source, on demand, all with unlimited data collection and retention. Ingest everything. Investigate anything.
This video is a follow-up to our Triage series, which covered our initial Alert and follow-on triage. In this video we are going to investigate our environment based on indicators uncovered in our initial analysis; don’t worry, we’ll refresh you on those initial findings!
Using Gravwell, we will explore our data and conduct our investigation as we try to understand the extent of our organization’s potential compromise.
Data Sources
github.com/KC7-Foundation/kc7_data/tree/main/envolvelabs2