• Skip to main content
  • Skip to footer

Brianne Fahey

  • Read My Blog
  • Contact Me

Find a Flow

February 16, 2018 by Brianne

If you can see it, you can get to it.

When I think through the parts of an event analysis, I look to put things in order and in perspective on my way from a hypothesis to a conclusion. Putting together a thought outline that works for me was a good excuse to test out LucidChart.

In my example, I start by enumerating the actor’s profile and the activity that generated a signal.  If I can source, trace, and verify the details pulled out of the logs to connect activities to an IP or a piece of hardware or an application or a procedure or an owner, I can work to build out the story and resolve my questions. When the case requires input from an investigation partner like human resources, you’ll have a solid frame of notes and findings to rely on for that discussion.

One of the reasons I chose this scenario as an example is because I believe a successful analysis is a complete analysis. Thorough, of course – to your personal quality level, but not necessarily ending the the proving out of malicious activity. Vetting that activity can be anomalous and still acceptable is a decent outcome.

You don’t have to catch a bad guy to do a good job.

Build a structure that works for you.  Once you establish your flow and create a template, you’ll start to save some time without sacrificing quality. Find your flow and go catch yourself some answers.

Filed Under: Applied Security, Featured Tagged With: analysis, diagram, lucidchart, procedure, visualize

About Brianne

Footer

Social

  • GitHub
  • LinkedIn
  • RSS
  • Twitter

From the Blog:

Defending with Graphs

By Brianne

Make Your Way There

By Brianne

The Resourceful Will Find a Way

By Brianne

Research

Whitepaper in the SANS Reading Room:
Defending with Graphs: Create a Graph Data Map to Visualize Pivot Paths

© 2021 · P. Brianne Fahey, Cyber Threat Analyst