Graphistry empowers the intuition and creativity of your hunters and ensures they never have to limit their scope. Graphistry abstracts the tedium of dealing with many tools and excessive scripting, and helps hunters focus on their data and follow connections. With Graphistry’s unmatched visual scale, hunters literally see more than ever before.

Visual hunting with unprecedented scale embedded in your favorite notebook

Simplify Complex Investigations

Easily visualize and correlate across multiple data sources, devices, and phases of attack to understand scope and progression of a threat.


See the Big Picture

Industry-leading visual scalability allows you to visualize over 100x more data than previously possible, ensuring the broadest possible scope for your hunt. See patterns and outliers that would otherwise be missed. Hunt across longer time ranges and see all relevant logs and data.

Malware Attack Scope and Progression

Repeat Successful Hunts

Build visually interactive playbooks to accelerate hunts for Lateral Movement, Golden Ticket, Command-and-Control, Exfiltration and more. Build these mini-tools directly into your dashboards.


Integrate With Data Science Notebooks

Bring rich interactive visualizations to leading notebooks such as Jupyter, Zeppelin, Databricks, and more.


Collaborate

Collaborate and share with colleagues, intelligence teams, and threat feeds.

HOW IT WORKS

1. Run in a standalone environment connected to Splunk, ELK, and more, or embedded from within your data science notebook workflow

2. Write regular Splunk, ELK, Spark SQL, etc. queries but get smart auto-generated visualizations back

3. Explore big event and entity graphs to see more correlations and patterns than previously possible

4. Visually pivot, dynamically drill, and access many summary views in the rich visual environment

5. Save sessions and share with colleagues or for T1/T2 follow-up

6. Save useful hunt workflows into reusable visual playbooks

INCIDENT RESPONSE FEATURES

Notebook-friendly: Jupyter, Databricks, Beaker, and others

Visualize anything from devices, users, agents, alerts, transactions, IOCs, killchains, netflows, threat APIs, and more

Big interactive graphs: 1M+ nodes/edges with layouts and interactions purpose-built for this scale

Full-featured visual environment: automatically integrated interactive timebars, histograms, search, and more

Support for Common Investigation Types

Malware, Phishing, Lateral Movement, 360 Views, ...

Sharing & Reporting

Annotate, save, resume, and file investigation sessions, with each step reported and reproducible