Triage: Introduction

We will build on previous videos, such as the SOC: Orienting An Analyst series, and discuss our analytical conclusions in real time while using Gravwell to facilitate our investigation.

In this video series, we are going to walk through a typical Security Analyst workflow: triage. We will use multiple data sources and straightforward queries to demonstrate how Gravwell can fit right into the investigations necessary for a Security Analyst to understand the scope of a potential intrusion.

Data Sources
github.com/KC7-Foundation/kc7_data/tree/main/envolvelabs2