All right, let's talk a little bit about data visualization.
This is a very important area to consider
for any type of analyst work.
The reporting of CTI
entails different kinds of information. Some of it could be quite large in volume, so it makes a lot of sense to study some different
visualization tools and techniques
find the right combination of data and,
Let's let your information reach a broader audience.
You can also gain a deeper understanding by seeing different patterns and trends and other kinds of clues that might only become more obvious when you're looking at the data in a visual way.
Several tools and websites that we'll see have some visualization capabilities.
You could get a little bit of an overview of some of what's available.
Another thing to consider
when visualizing information. If you're using a tool to do this, then
the chances are that all of your, uh,
data will be properly labeled and you won't have any problems with
being able to clearly identify what it is you're looking at,
but sometimes visualization is created manually or it's using a tool that
may be insufficient in some areas.
So there are some high level guidelines to think about,
making sure, for instance, that all of your
numerical analysis is correct. If you've got a,
you know, list of percentages, for instance, and they're supposed to total 100,
there should be a, uh,
quality check done to make sure that actually happens.
pie charts or line graphs or bar charts when they're not expected
or in inconsistent ways would also be something to be aware of.
Ideally, reporting that's used for this kind of purpose should be consistent in the look and feel;
that way it makes it easier for the people consuming the intelligence
to understand what they're looking at and, uh, reduces their need to ask for questions or clarification.
If data is being referenced, for instance, that cannot be found within the report,
that could also cause a problem. So
making sure that all the proper artifacts are attached, or at least accessible within some kind of
supplement to the report. This makes a lot of sense to just double check all this stuff to verify that you've got everything together that needs to be together. All right, so speaking of
one of the tools that we looked at in the introductory course was Maltego, and we'll also have a look at it again here. I'll do a little bit of demonstration
to give all of you an idea of what Maltego is capable of doing.
As we can see here, Paterva offers
a free version of Maltego.
This is also available in Kali Linux.
It's the community edition
that you can use for free,
and all you have to do is
register with Maltego, and
then you can download the community edition.
When you log into the tool,
you'll have to connect to their servers. And the reason that this is required is because
Paterva's servers actually contain the data that Maltego uses to do all the visualization.
You can see we've got a lot of different types of information,
and many of these vendors have their transforms already loaded into Maltego, and you just have to install it and get it to work. In some cases, you may have to also register with the vendor to
and this is fairly simple to do.
Okay, so let's have a look at a couple of these websites. First, we'll look at ThreatConnect,
and, as it says here, you can get started for free.
It's a pretty powerful tool, considering what you can do with it for free, and have a little animation here
showing some of the capabilities
And it's pretty, pretty interesting,
uh, features that this tool has.
You can spend a little time browsing the website,
but really, what we're interested in is making sure you can
integrate this with Maltego.
So sign up for your free account here.
I'm gonna go ahead and log in.
It's gonna pause for a second.
Okay? So when I get logged in, I'm at my dashboard,
and this gives me an overview of things that are going on in the community.
All the different intelligence sources, as you can see here on the left,
shows recent things that I've looked at or have searched,
visual graph showing all the different sources for where the information is coming from.
So confidence and rating
are ranked. And then the size of the circle indicates, uh, the volume of data.
Some other things, different indicators for observation,
So it's a pretty, pretty comprehensive tool, considering it's free.
So one of the things we'll look at real quick is, uh,
the WannaCry ransomware has recently been in the news and
one of the domains associated with it is this one right here.
So from within the tool,
we can look at some analytics,
get some other details here,
tells us, uh, this is a command and control host for the WannaCry decryptor,
and it shows all these different indicators that have been associated with
bunch of hashes there, a bunch of files.
And it's even mentioning some Snort rules.
Okay, I can look at the,
well, the associations, what we just saw down there,
but this will put it into a different format. You can see all the individual items.
There's, uh, some getting started tutorials and such that you can look at to get a better appreciation for what ThreatConnect does for you.
Being able to cross-verify this information with tools like Maltego and so on is the goal here.
Now, if I go to my, uh,
my profile, I can then see
the API key that I mentioned,
and that would allow me to connect
Maltego to ThreatConnect's servers.