Orienting a SOC Analyst In Gravwell

About this talk

In this video, we step through the basic, common queries a Security Operations Center analyst might use to orient themselves to their data sources. We use a series of exploratory queries against tabular data for which an auto extractor has been set up in advance. The material is intentionally introductory, but it builds up important tooling that any analyst would want to have available, culminating in a common use case: hunting down the results of a phishing email. Viewers should walk away with a better understanding of how to explore data sources within Gravwell.

Gravwell is a data platform with security lake features that enables teams to investigate, collaborate, and analyze data on-demand, from any source — all with unlimited data collection and retention.