Plugs hundreds of endpoints into ‘single pane of glass’
Security boffins at ANZ, one of Australia’s largest banks, have offered their nightHawk incident response tools for organisations running free Mandiant tools.
Mandiant’s open source platform is fit for enterprises requiring incident response at scale, and can run off a laptop for many investigations.
ANZ bank security analysts Daniel Eden and Roshan Maskey published their work to GitHub.
The custom asynchronous forensic tool depends on Mandiant Redline and operates on an Amazon ElasticSearch backend.
“The application was born out of the inability to control multiple investigations or hundreds of endpoints in a single pane of glass,” the pair say.
Eden steps through the application’s features in a demonstration video, adding that the platform is available as a dependency-preloaded CentOS ISO install.
The application can return about 1000 large documents without load strain after which point server-side processing is required.
Their work sports a slick user interface with process trees that allow forensics types to view variables including arguments, paths, and start times.
The bank boffins are continuing to work on the tool, including real-time tagging and commenting that will be viewable by other incident responders within nightHawk, and features that will improve reporting.