Written by Ian Mc Garry, CMX Software Engineer
The release of CMX 10.2 is coming soon, and with it comes the improved Correlation Widget. Allowing you to view the relationship between areas, Correlation is a powerful tool. To help introduce you to the widget, we've put together some simple but beneficial use cases outlining its utility and power.
Correlation Use Case – Identifying the Relationship Between Areas
Certain areas within a location, such as shops, should have a natural interaction or correlation with each other. This can be due to their related nature, ease of accessibility or even close proximity to one another. For example, in a mall we may have a flower shop and a card shop. A strong correlation between these shops is expected due to the well-known fact that flowers and gift cards go hand-in-hand. Using the Correlation Widget we can quantify this relationship and prove or even disprove our theory.
We set up a simple correlation widget that looks at the data for shops last week. Setting our Card Shop as the focus allows us to then see the Correlation between it and the other shops in the building.
From this chart we can see
Tags: CMX 10.2, connected mobile experiences, correlation, mobility
This post is co-authored by Martin Lee, Armin Pelkmann, and Preetham Raghunanda.
Cyber security analysts tend to redundantly perform the same attack queries with different input data. Unfortunately, searching for useful metadata correlations across proprietary and open source data sets can be laborious and time-consuming with relational databases: multiple tables are joined and queried, and the results inevitably take too long to return. Enter the graph database, a fundamentally improved database technology for specific threat analysis functions. Representing information as a graph allows the discovery of associations and connections that are otherwise not immediately apparent.
Within basic security analysis, we represent domains, IP addresses, and DNS information as nodes, and represent the relationships between them as edges connecting the nodes. In the following example, domains A and B are connected through a shared name server and MX record despite being hosted on different servers. Domain C is linked to domain B through a shared host, but has no direct association with domain A.
This ability to quickly identify domain-host associations brings attention to further network assets that may have been compromised, or assets that will be used in future attacks.
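The domain A, B and C relationships described above, as an added example that is not the authors' code: it uses a plain in-memory Python adjacency map in place of a graph database, and the node names (`ns:ns1`, `mx:mail1`, `ip:host1`, `ip:host2`) are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample data mirroring the example: (node, relationship, node).
EDGES = [
    ("domain:A", "name_server", "ns:ns1"),
    ("domain:B", "name_server", "ns:ns1"),
    ("domain:A", "mx", "mx:mail1"),
    ("domain:B", "mx", "mx:mail1"),
    ("domain:A", "hosted_on", "ip:host1"),
    ("domain:B", "hosted_on", "ip:host2"),
    ("domain:C", "hosted_on", "ip:host2"),
]

def build_graph(edges):
    """Undirected adjacency map: node -> {neighbour: relationship}."""
    graph = defaultdict(dict)
    for src, rel, dst in edges:
        graph[src][dst] = rel
        graph[dst][src] = rel
    return graph

def shared_infrastructure(graph, a, b):
    """Infrastructure nodes both a and b touch (a direct association)."""
    return {n: rel for n, rel in graph[a].items() if n in graph[b]}

def shortest_path(graph, start, goal):
    """Breadth-first search; returns the node list from start to goal, or None."""
    parents = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            path = []
            while node is not None:
                path.append(node)
                node = parents[node]
            return path[::-1]
        for nxt in graph[node]:
            if nxt not in parents:
                parents[nxt] = node
                queue.append(nxt)
    return None

GRAPH = build_graph(EDGES)

if __name__ == "__main__":
    print("A-B shared:", shared_infrastructure(GRAPH, "domain:A", "domain:B"))
    print("A-C shared:", shared_infrastructure(GRAPH, "domain:A", "domain:C"))
    print("A to C via:", shortest_path(GRAPH, "domain:A", "domain:C"))
```

The empty A-C result alongside a four-hop path through domain B is the indirect association that a chain of relational joins makes slow to surface.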
Tags: analysis, Big Data, correlation, D3, Domain, edge, fast, Graph, Gremlin, IE, Intelligence, internet explorer, IP address, name server, node, relationships, research, threat, Titan, TRAC, vertex, visual, zero-day