Graphistry empowers the intuition and creativity of your hunters and ensures they never have to limit their scope. Graphistry abstracts the tedium of dealing with many tools and excessive scripting, and helps hunters focus on their data and follow connections. With Graphistry’s unmatched visual scale, hunters literally see more than ever before.
Figure: Visual hunting with unprecedented scale in the notebook embedding mode
- Simplify Complex Investigations with Fast Time-to-Graph - Easily visualize and correlate across multiple data sources, devices, and phases of attack to understand the scope and progression of a threat.
- See the Big Picture with GPUs - Industry-leading visual scalability allows you to visualize over 100x more data than previously possible, ensuring the broadest possible scope for your hunt. See patterns and outliers that would otherwise be missed. Be free to audit any time range and entirety of a log type (e.g. see all login failures).
- Repeat Successful Hunts - Build visually interactive playbooks to accelerate hunts for Lateral Movement, Golden Ticket, Command-and-Control, Exfiltration and more. Build these mini-tools directly into your dashboards.
- Integrate With Data Science Notebooks - Bring rich interactive visualizations to leading notebooks such as Jupyter, Zeppelin, Databricks, and more.
- Collaborate - Collaborate and share with colleagues, intelligence teams, and threat feeds.
How it Works
- Run in a standalone environment connected to Splunk, ELK, and more, or embedded from within your data science notebook workflow
- Write regular Splunk, ELK, Spark SQL, etc. queries but get smart auto-generated visualizations back
- Explore big event and entity graphs to see more correlations and patterns than previously possible
- Visually pivot, dynamically drill, and access many summary views in the rich visual environment
- Save sessions and share with colleagues or for T1/T2 followup
- Save useful hunt workflows into reusable visual playbooks
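The "query in, entity graph out" step above is the part a hunter ends up reproducing by hand when no tool does it. The following added example (not Graphistry's own code; the event rows and column names are constructed) turns a small batch of login-failure events into an event/entity graph, then pivots from one host to the users that failed against it and on to the other hosts those users touched, which is the manual version of the visual pivot described above.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

# Constructed sample rows, as a "show all login failures" query might return them.
LOGIN_FAILURES = [
    {"id": "e1", "user": "alice", "host": "ws-01"},
    {"id": "e2", "user": "alice", "host": "ws-01"},
    {"id": "e3", "user": "bob",   "host": "ws-01"},
    {"id": "e4", "user": "carol", "host": "ws-01"},
    {"id": "e5", "user": "bob",   "host": "ws-02"},
]
ENTITY_COLUMNS = ["user", "host"]  # assumed: which columns name entities


def hypergraph(events: Iterable[Dict[str, str]], entity_cols: List[str]):
    """Each event row becomes a node, each distinct entity value becomes a node,
    and an edge links the event to every entity it mentions (bipartite graph)."""
    nodes: Set[str] = set()
    edges: List[Tuple[str, str]] = []
    for ev in events:
        event_node = f"event:{ev['id']}"
        nodes.add(event_node)
        for col in entity_cols:
            entity_node = f"{col}:{ev[col]}"
            nodes.add(entity_node)
            edges.append((event_node, entity_node))
    return nodes, edges


def pivot(edges: List[Tuple[str, str]], start: str, to_type: str) -> List[str]:
    """Walk entity -> events -> entities of the requested type (one visual pivot)."""
    adj: Dict[str, Set[str]] = defaultdict(set)
    for a, b in edges:
        adj[a].add(b)
        adj[b].add(a)
    found = {n for ev in adj[start] for n in adj[ev]
             if n.startswith(to_type + ":") and n != start}
    return sorted(found)


def fan_in(edges: List[Tuple[str, str]], host: str) -> int:
    """Distinct users with failures against one host; a high count on a single
    host is the shape a password spray or lateral-movement attempt leaves."""
    return len(pivot(edges, host, "user"))


if __name__ == "__main__":
    _, E = hypergraph(LOGIN_FAILURES, ENTITY_COLUMNS)
    users = pivot(E, "host:ws-01", "user")           # who failed against ws-01
    for u in users:                                   # where else did they fail
        print(u, "->", pivot(E, u, "host"))
```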
Threat Hunting Features
- Notebook-friendly: Jupyter, Databricks, Beaker, and others
- Visualize anything: devices, users, agents, alerts, transactions, IOCs, killchains, netflows, threat APIs …
- Big interactive graphs: 1M+ nodes/edges with layouts and interactions purpose-built for this scale
- Full-featured visual environment: automatically integrated interactive timebars, histograms, search, ...
- Waste less time combining datasets into unified visualizations
- Sharing & exporting