The purpose of this video is to showcase Gravwell’s search capabilities through a slightly different lens than that of the previous videos: the lens of a detection engineer.
While we are building on findings from the previous videos in this series, our objective has shifted: we are now aiming to develop queries that let us discover threat actor activity proactively, rather than only after the fact. In support of this goal, we will not focus on the query logic itself but on the findings those queries surface.
We will then transition to the Automation “Flows” functionality to show how a query can be turned into an automated notification using no-code workflows.