Home
Welcome to the chutzpah wiki!
User experience is only 10% of it (the user, the customer), as a data breach is also a very common byproduct; an orchestrated investigation runs in five steps:
1- Entities, attributes and relationships extraction – first, entities and relationships are extracted from alerts and evidence; such a representation makes investigation and evidence gathering much faster and easier to understand.
2- Fusing related or highly similar alerts into incidents – linking multiple alerts together as belonging to the same incident.
3- Automated, dynamic forensic analysis – initiate automated analysis and evidence gathering, dynamically adjusting its steps to the findings and conclusions so far. This might include running a network forensics query against an entity involved in an alert, remotely scanning a potentially infected endpoint, or fetching a file for deeper inspection. It may even carry the investigation into the future by temporarily raising the sensitivity of a relevant detection engine so that further relevant evidence is collected.
4- The conclusion – evolves as evidence adds up: the initial set of alerts and the incident hypothesis is either confirmed or eliminated altogether as a false positive.
5- Analysts are in control – eventually the automated investigation engine hands over the findings, conclusions and recommended next steps to the analyst.
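As an added example (not code from the chutzpah project), the five steps above as a toy Python pipeline over constructed alerts: entities are extracted from each alert, alerts sharing an entity are fused into one incident, evidence is gathered by a queue of steps where each finding can enqueue further steps (including widening scope to hosts that never raised an alert), a score decides confirmed versus false positive, and the result is handed over with recommended next steps. The alert field names, the evidence-source tables and the scoring thresholds are all assumptions of this example.

```python
# Added example, not chutzpah's own code: toy automated-investigation pipeline.
from collections import defaultdict

# Constructed sample alerts; field names are an assumption of this example.
ALERTS = [
    {"id": "A1", "type": "malware_detected", "host": "ws-017", "user": "jdoe", "sha256": "f00d"},
    {"id": "A2", "type": "c2_beacon", "host": "ws-017", "dst_ip": "203.0.113.7"},
    {"id": "A3", "type": "c2_beacon", "host": "ws-042", "dst_ip": "203.0.113.7"},
    {"id": "A4", "type": "failed_login", "host": "ws-099", "user": "svc-backup"},
]

# Constructed stand-ins for the evidence sources the text mentions:
# network forensics, endpoint scan, file fetch and deeper (sandbox) inspection.
NETFLOW = {"203.0.113.7": ["ws-017", "ws-042", "ws-058"]}  # hosts seen talking to an IP
IP_REPUTATION = {"203.0.113.7": "known_c2"}
ENDPOINT_SCAN = {"ws-017": ["f00d"], "ws-042": [], "ws-058": ["f00d"], "ws-099": []}
SANDBOX = {"f00d": "malicious"}

ENTITY_FIELDS = {"host": "host", "user": "user", "dst_ip": "ip", "sha256": "file"}


def extract_entities(alert):
    """Step 1: turn an alert into a set of (kind, value) entity tuples."""
    return {(kind, alert[f]) for f, kind in ENTITY_FIELDS.items() if f in alert}


def fuse_into_incidents(alerts):
    """Step 2: alerts sharing any entity are one incident (union-find over alert ids)."""
    parent = {a["id"]: a["id"] for a in alerts}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    first_seen = {}
    for a in alerts:
        for ent in extract_entities(a):
            if ent in first_seen:
                parent[find(a["id"])] = find(first_seen[ent])
            else:
                first_seen[ent] = a["id"]
    groups = defaultdict(list)
    for a in alerts:
        groups[find(a["id"])].append(a)
    return [{"alerts": g, "entities": set().union(*(extract_entities(a) for a in g))}
            for g in groups.values()]


def investigate(incident):
    """Step 3: dynamic evidence gathering; each finding may enqueue further steps."""
    ents = sorted(incident["entities"])
    queue = [("ip_reputation", v) for k, v in ents if k == "ip"]
    queue += [("endpoint_scan", v) for k, v in ents if k == "host"]
    done, findings, score = set(), [], 0
    compromised, c2_ips = [], []
    while queue:
        step = queue.pop(0)
        if step in done:          # the same query is never run twice
            continue
        done.add(step)
        kind, value = step
        if kind == "ip_reputation":
            verdict = IP_REPUTATION.get(value, "unknown")
            findings.append(f"ip {value}: {verdict}")
            if verdict == "known_c2":
                score += 3
                c2_ips.append(value)
                # Widen scope: scan every host that talked to the C2, alert or not.
                queue += [("endpoint_scan", h) for h in NETFLOW.get(value, [])]
        elif kind == "endpoint_scan":
            files = ENDPOINT_SCAN.get(value, [])
            findings.append(f"host {value}: {len(files)} suspicious file(s)")
            if files:
                compromised.append(value)
            queue += [("fetch_file", f) for f in files]
        elif kind == "fetch_file":
            verdict = SANDBOX.get(value, "unknown")
            findings.append(f"file {value}: {verdict}")
            if verdict == "malicious":
                score += 4
    return {"findings": findings, "score": score, "compromised": compromised, "c2_ips": c2_ips}


def conclude(score):
    """Step 4: hypothesis confirmed, eliminated as a false positive, or left open (thresholds assumed)."""
    if score >= 5:
        return "confirmed"
    if score == 0:
        return "false_positive"
    return "inconclusive"


def run_pipeline(alerts):
    """Steps 1-5 end to end; returns the hand-over records an analyst receives."""
    handovers = []
    for inc in fuse_into_incidents(alerts):
        ev = investigate(inc)
        verdict = conclude(ev["score"])
        next_steps = {
            "confirmed": [f"isolate {h}" for h in ev["compromised"]] + [f"block {ip}" for ip in ev["c2_ips"]],
            "false_positive": ["close incident; tune detection"],
            "inconclusive": ["analyst review required"],
        }[verdict]
        handovers.append({"alerts": [a["id"] for a in inc["alerts"]], "findings": ev["findings"],
                          "score": ev["score"], "conclusion": verdict, "next_steps": next_steps})
    return handovers


if __name__ == "__main__":
    for h in run_pipeline(ALERTS):
        print(h)
```

The step queue is what makes the analysis dynamic: a bad IP reputation enqueues scans of every host in the netflow table, which is how ws-058 (no alert of its own) ends up in the isolation list, and the dedup set keeps the widened scope from re-running queries.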