Gravwell is an enterprise data fusion platform that enables security teams to investigate, collaborate, and analyze data from any source, on demand, all with unlimited data collection and retention. Ingest everything. Investigate anything.
We will build on previous videos, such as the SOC: Orienting An Analyst series, and discuss our analytical conclusions in real time while using Gravwell to facilitate our investigation.
In this video series, we are going to walk through a typical Security Analyst workflow: triage. We will use multiple data sources and straightforward queries to demonstrate how Gravwell can fit right into the investigations necessary for a Security Analyst to understand the scope of a potential intrusion.
Data Sources
github.com/KC7-Foundation/kc7_data/tree/main/envolvelabs2