Triage: From Maldoc to Hands On Keyboard Intrusion

The purpose of this content is to showcase Gravwell’s search capabilities in use alongside a typical security analyst’s triage workflow. We will build on previous videos, such as Gravwell: Orienting as An Analyst, and discuss our analytical conclusions in real time while using Gravwell to facilitate our investigation. This video is significantly more focused on a specific set of analytic use cases centered on security event triage and will forgo in depth breakdowns of query logic. Viewers will walk away from this video with an improved understanding of how Gravwell fits into a common security workflow by enabling analysts to pursue investigative leads within their data to support triage efforts.