Time
3 hours 1 minute
Difficulty
Advanced
CEU/CPE
3

Video Description

Data Visualization Tools (Continued): This lesson continues to discuss data visualization tools and offers a quick overview of using RiskIQ.

Video Transcription

00:04
We can do something very similar with RiskIQ,
00:08
another, ah, free trial that you can get.
00:14
I think this one might have a time limit on it, but ThreatConnect, I believe, is just a free community edition that you can use indefinitely.
00:22
But this tool is also very useful.
00:25
Has a lot of different features, somewhat similar in some ways to ThreatConnect. But
00:30
it's better to have more choices for your analysis than less so that's certainly something to think about.
00:36
So I'm gonna go ahead and log into this.
00:40
I'm going to pause the video for just a moment while I do that.
00:45
Okay, so we're at the dashboard,
00:48
and we can see that there are
00:50
areas where you can create your own projects. You can do your own footprinting.
00:54
Uh, I don't believe the free version allows you to create your own footprints, but you can look at some that are already there as examples,
01:03
and you see the integrations here, Maltego
01:07
being the one that we're more interested in.
01:11
And I just talked about how that's used from within Maltego, so we're not really going to dig into that any deeper.
01:19
But all these public projects,
01:21
are a good area to
01:23
start poking around and seeing what kind of information
01:27
is being
01:29
analyzed with this. Within this platform, from PassiveTotal,
01:34
it's their RiskIQ platform.
01:38
So it's quite a few things here.
01:42
We can just try one,
01:45
uh see, we have indication of compromise research into the Houdini malware, so let's go ahead and click this.
01:53
As we can see, we get a lot of good information right off the bat.
01:57
Several different artifacts were listed
02:00
with the person who created them and some various tags.
02:08
I didn't click on one of the artifacts,
02:10
and you can see that it's trying to retrieve a heat map so that might be useful.
02:16
And you can see from the different color coding that there's,
02:21
um,
02:22
various levels of activity throughout time,
02:30
and you can scroll this slider.
02:34
It looks like the most recent activity is in the
02:38
time frame that we're already in there,
02:43
and these are some of the other indications that are present in that diagram.
02:53
So I've got 16 hashes that are related to this IP address,
03:00
some WHOIS data.
03:04
It's very simple to use
03:06
and again with the
03:09
Oh, I don't have permission to view the footprint. Okay,
03:13
this may be something that you have to
03:15
purchase an *** use
03:19
that might be part of the problem there.
03:21
So we go back to home
03:23
and
03:27
we will look at what footprints look like.
03:30
Er, Doctor was one here I saw earlier
03:36
when that was already created.
03:40
Maybe not.
03:42
Okay, we'll just do it. We'll look at the footprints capability.
03:50
If you can tell, these can get pretty complex,
03:53
but it's showing lots of good information. Start maybe with one central domain, in this case, ah, USPS dot gov, the Postal Service.
04:03
And it's got, you know, 11 critical CVEs, five that are high, 235 open ports.
04:12
And we can zoom in
04:15
to get a lot more of this information
04:18
a little bit easier to select something
04:24
again. Very useful to be able to, uh,
04:27
see this kind of information at your fingertips.
04:30
Yeah. Footprint Enterprise edition is what you need. If you want to have this capability,
04:35
there's only so much you can get for free. But, uh,
04:40
that's a real quick overview. And from within your profile, you can also get the API key to do the Maltego integration.

Up Next

Advanced Cyber Threat Intelligence

The Cyber Threat Intelligence (CTI) course is taught by Cybrary SME, Dean Pompilio. It consists of 12 modules and provides a comprehensive introduction to CTI. The subject is an important one, and in addition to discussing tactics and methods, quite a bit of focus is placed on operational matters including the various CTI analyst roles.

Instructed By

Dean Pompilio
CEO of SteppingStone Solutions
Instructor