Graphistry’s visual investigation templates make it easy to turn key visual investigations into a fast and repeatable process that can be shared, reused, and evolved over time. Visual templates bring together all the data an analyst will need for a particular investigation, and then guide them through a proven investigative workflow. As a result, teams can easily codify their best practices into a repeatable process that retains all the powerful insights and interactivity of Graphistry’s graph analytics.

Graphistry makes several leaps over older playbook automation approaches. First-generation tools were difficult to author and interact with, so they were primarily limited to helping with headless autoresponses before an analyst starts their work. Likewise, they typically required heavy Docker or Python coding, so only a few team members could work with them. Graphistry’s investigation templates bring automation into the live investigation phase, and authoring stays at the query level that analysts are already comfortable with.

 

 

Common Playbook for Malware Investigation

Automate the Collection of Data

Graphistry’s visual playbooks automate the tedious process of gathering the data needed for an investigation. The solution connects to any data source with an API and automatically queries across SIEMs, Spark, Hadoop, CSVs, and threat feeds. Analysts start with all the data they need without a single manual query.

Interactive Workflows

Visual templates allow teams to record the interactive process of an investigation. A successful workflow can be repeated step-by-step or simply run all at once to deliver a complete interactive picture of the investigation. Most importantly, this allows an organization’s best analysts to share successful techniques and processes with more junior analysts.

Click an event in Splunk and automatically populate an interactive investigation in Graphistry

Share and Embed

While Graphistry brings all of your data into a single visual context, we know that there is rarely a true “single pane of glass”. As a result, we make it easy to embed the power of graphs and visual playbooks anywhere you want. Embed playbooks in dashboards, notebooks or anywhere that supports the organization.

 

Deep Linking from Splunk

Splunk users can now trigger pre-built Graphistry playbooks and guided investigations directly from Splunk. Simply choose Graphistry as an available event action, and Graphistry automatically queries all the necessary data and delivers a full interactive, visually guided investigation. No more repetitive queries and sorting through tables, just right-click and see the answers.