Cisco Blogs


CMX 10.2 Analytics – The Correlation Widget

Written by Ian Mc Garry, CMX Software Engineer

The release of CMX 10.2 is coming soon, and it introduces the improved Correlation Widget. Correlation is a powerful tool that lets you view the relationship between areas. To help introduce you to the widget, we've put together some simple but beneficial use cases outlining its utility and power.

Correlation Use Case – Identifying the Relationship Between Areas

Certain areas within a location, such as shops, should have a natural interaction or correlation with each other. This can be due to their related nature, ease of accessibility, or even close proximity to one another. For example, in a mall we may have a flower shop and a card shop. A strong correlation between these shops is expected due to the well-known fact that flowers and gift cards go hand-in-hand. Using the Correlation Widget, we can quantify this relationship and prove or even disprove our theory.

We set up a simple correlation widget that looks at the data for shops last week. Setting our Card Shop as the focus allows us to then see the Correlation between it and the other shops in the building.


From this chart we can see Read More »


Attack Analysis with a Fast Graph

This post is co-authored by Martin Lee, Armin Pelkmann, and Preetham Raghunanda.

Cyber security analysts tend to redundantly perform the same attack queries with different input data. Unfortunately, the search for useful meta-data correlation across proprietary and open source data sets may be laborious and time-consuming with relational databases, as multiple tables are joined and queried and the results inevitably take too long to return. Enter the graph database, a fundamentally improved database technology for specific threat analysis functions. Representing information as a graph allows the discovery of associations and connections that are otherwise not immediately apparent.

Within basic security analysis, we represent domains, IP addresses, and DNS information as nodes, and represent the relationships between them as edges connecting the nodes. In the following example, domains A and B are connected through a shared name server and MX record despite being hosted on different servers. Domain C is linked to domain B through a shared host, but has no direct association with domain A.

This ability to quickly identify domain-host associations brings attention to further network assets that may have been compromised, or assets that will be used in future attacks.
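The domain A, B and C relationships described above, modelled as a small in-memory graph. This is an added example, not code from the original post; the `.example` names, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed records (reserved .example names, RFC 5737 addresses).
RECORDS = [
    ("a.example", "NS", "ns1.dns.example"),
    ("a.example", "MX", "mx1.mail.example"),
    ("a.example", "A", "192.0.2.10"),
    ("b.example", "NS", "ns1.dns.example"),
    ("b.example", "MX", "mx1.mail.example"),
    ("b.example", "A", "192.0.2.20"),
    ("c.example", "NS", "ns9.other.example"),
    ("c.example", "A", "192.0.2.20"),
]

def build_graph(records):
    """Undirected graph: node -> {neighbour: record type of the edge}."""
    graph = defaultdict(dict)
    for domain, rtype, value in records:
        graph[domain][value] = rtype
        graph[value][domain] = rtype
    return graph

def shared_assets(graph, d1, d2):
    """Infrastructure nodes adjacent to both domains, labelled with d1's record type."""
    return {n: graph[d1][n] for n in graph[d1] if n in graph[d2]}

def association_path(graph, start, goal):
    """Shortest chain of nodes linking two domains (breadth-first), or None."""
    parents, queue = {start: None}, deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            path = []
            while node is not None:
                path.append(node)
                node = parents[node]
            return path[::-1]
        for nxt in sorted(graph[node]):  # sorted for a deterministic result
            if nxt not in parents:
                parents[nxt] = node
                queue.append(nxt)
    return None

if __name__ == "__main__":
    g = build_graph(RECORDS)
    print(shared_assets(g, "a.example", "b.example"))     # shared NS and MX
    print(shared_assets(g, "a.example", "c.example"))     # no direct link
    print(association_path(g, "a.example", "c.example"))  # indirect, via B
```

A and C share no record directly, yet the path search surfaces the indirect chain through B's mail server and shared host, which is the kind of association that takes several joins to find in a relational schema.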
