Time: 3 hours 1 minute
Difficulty: Advanced
CEU/CPE: 3

Video Description

Data Visualization Tools

This lesson covers data visualization. Data visualization is an important aspect of threat intelligence because it helps analysts gain a deeper understanding and identify patterns, trends, and correlations. It also appeals to a broader audience, and using different tools makes it possible to produce the right kind of data and present it accurately. When data is produced manually, by contrast, there are common errors such as numbers not adding up correctly, not following conventions, not using annotations, and incomplete data. Available data visualization tools include:

  • Maltego
  • ThreatConnect
  • RiskIQ

Using multiple tools allows information to be cross-verified, which allows for greater accuracy and stronger threat analysis.

Video Transcription

00:04
All right, let's talk a little bit about data visualization.
00:07
This is a very important area to consider
00:11
for any type of analyst work.
00:15
The
00:16
the reporting of CTI
00:19
entails different kinds of information. Some of it could be quite large in volume, so it makes a lot of sense to study some different
00:30
visualization tools and techniques
00:33
in order to
00:35
find the right combination of data and,
00:39
um,
00:40
graphics to
00:43
let your information reach a broader audience.
00:46
You can also gain a deeper understanding by seeing different patterns and trends and other kinds of clues that might only become more obvious when you're looking at the data in a visual way.
01:00
Several tools and websites that we'll see have some visualization capabilities.
01:07
You could get a little bit of an overview of some of what's available
01:10
in the marketplace.
01:12
Another thing to consider
01:15
is
01:17
when visualizing information. If you're using a tool to do this, then
01:21
the chances are that all of your uh
01:25
data will be properly labeled and you won't have any problems with
01:30
being able to clearly identify what it is you're looking at,
01:34
but sometimes visualization is created manually or it's using a tool that
01:38
may be insufficient in some areas.
01:42
So there are some high level guidelines to think about,
01:47
making sure, for instance, that all of your
01:49
numerical analysis is correct. If you've got a
01:55
you know, list of percentages, for instance, and they're supposed to total 100
01:59
there should be a, uh,
02:00
quality check done to make sure that actually happens.
02:05
Using
02:06
pie charts or line graphs or bar charts when they're not expected
02:12
or in inconsistent ways would also be something to be aware of.
02:15
Ideally, reporting that's used for this kind of purpose should be consistent in the look and feel,
02:23
that way it makes it easier for the people consuming the intelligence
02:28
to understand what they're looking at and, uh, reduces their need to ask for questions or clarification.
02:36
If data is being referenced, for instance, that cannot be found within the report,
02:42
that could also cause a problem. So
02:45
making sure that all the proper artifacts are attached, or at least accessible within some kind of
02:53
supplement to the report. This makes a lot of sense to just double check all this stuff to verify that you've got everything together that needs to be together. All right, so speaking of
03:02
visualization tools,
03:05
one of the tools that we looked at in the introductory course was Maltego, and we'll also have a look at it again. Here, I'll do a little bit of demonstration
03:16
to give all of you an idea of what Maltego is capable of doing.
03:22
As we can see here, Paterva offers
03:24
a free version of Maltego.
03:29
This is also available in Kali Linux.
03:31
It's the community edition
03:35
that you can use for free,
03:37
and all you have to do is
03:39
register with Maltego, and
03:43
then you can download the community edition.
03:46
When you log into the tool,
03:49
you'll have to connect to their servers. And the reason that this is required is because
03:54
Paterva's servers actually contain the data that Maltego uses to do all the visualization.
04:00
You can see we've got a lot of different types of information
04:05
that can be used.
04:08
There's also a
04:10
transform hub,
04:13
and many of these vendors have their transforms already loaded into Maltego, and you just have to install it and get it to work. In some cases, you may have to also register with the vendor to
04:28
insert a, um,
04:30
an API key,
04:32
and this is fairly simple to do.
04:36
Okay, so let's have a look at a couple of these websites. First, we'll look at ThreatConnect,
04:45
and, as it says here, you can get started for free.
04:48
It's a pretty powerful tool, considering what you can do with it for free, and they have a little animation here
04:56
showing some of the capabilities
04:59
that, uh,
05:00
that are available.
05:05
And it's pretty, pretty interesting,
05:10
uh, features that this tool has.
05:13
You can spend a little time browsing the Web site,
05:15
but really, what we're interested in is making sure you can
05:19
integrate this with Maltego.
05:25
So sign up for your free account here.
05:28
I'm gonna go ahead and log in.
05:31
It's gonna pause for a second.
05:35
Okay? So when I get logged in, I'm at my dashboard,
05:41
and this gives me an overview of things that are going on in the community.
05:46
All the different intelligence sources, as you can see here on the left,
05:51
shows recent things that I've looked at or have searched
05:56
and even has a nice
05:58
visual graph showing all the different sources for where the information is coming from.
06:04
So confidence and rating
06:08
are ranked. And then the size of the circle indicates, uh, the volume of data.
06:15
Some other things, different indicators for observation,
06:20
tracking results.
06:25
So it's a pretty, pretty comprehensive tool, considering it's free.
06:30
So one of the things we'll look at real quick is, uh,
06:33
the WannaCry ransomware has recently been in the news, and
06:39
one of the domains associated with it is this one right here.
06:46
So from within the tool,
06:47
we can look at some analytics,
06:51
get some other details here,
06:55
tells us, uh, this is a command and control host for the WannaCry decrypter,
07:03
and it shows all these different indicators that have been associated with
07:08
WannaCry,
07:09
a bunch of hashes there, a bunch of files.
07:15
And it's even mentioning some Snort rules
07:18
that you can use
07:23
pretty handy.
07:26
Okay, I can look at the,
07:29
well, the associations, what we just saw down there,
07:32
but this will put it into a different format. You can see all the individual items
07:38
and, uh,
07:40
there's, ah, some getting started tutorials and such that you can look at to get a better appreciation for what ThreatConnect does for you.
07:48
Being able to cross-verify this information with tools like Maltego and so on is the goal here.
07:58
Now, if I go to my, uh,
08:00
my profile, I can then see the
08:03
the API key that I mentioned,
08:05
and that would allow me to connect
08:09
Maltego to ThreatConnect's servers.

Up Next

Advanced Cyber Threat Intelligence

The Cyber Threat Intelligence (CTI) course is taught by Cybrary SME, Dean Pompilio. It consists of 12 modules and provides a comprehensive introduction to CTI. The subject is an important one, and in addition to discussing tactics and methods, quite a bit of focus is placed on operational matters including the various CTI analyst roles.

Instructed By

Dean Pompilio
CEO of SteppingStone Solutions
Instructor