Let’s take a look at some basic timeline creating workflows. However, the tool is rather adaptable so it’s ultimately your choice on how it can be used. This would ensure proper data retention and long-term value. I recommend its use during an initial investigation’s learning phase, and once complete or at a level of confidence, storing the data (as appropriate) in a central platform like the Vertex Project’s Synapse. How do the events now line up, and do you see any correlation of the two?Īeon is superb for these kinds of uses and many others, although I would recommend against using it as a form of TIP (Threat Intelligence platform) or for generally collecting and storing intelligence long term.
#AEON TIMELINE OPEN CUSTOM TEMPLATE DOWNLOAD#
Since Aeon currently does not come with a preloaded configuration/template for security research projects, I would like to use this blog to share our template, which you can now download and import. While our use in security research is rather unique, many of its features can be used for our purposes. For some context, Aeon Timeline is an interactive timeline tool used for a variety of industries, such as legal, creative writing, and education. I’ve found Aeon increasingly useful while researching threat activity, and I would highly recommend it for security practitioners. I hope this will encourage other security researchers to make use of timelines as a foundation to further their own research or for historical reference of related events.
Additionally, this blog contains the timeline file we made while tracking the threat activity related to the invasion of Ukraine. I’ll also provide a custom threat research-themed template for your own use. In this post, I’m going to walk through some examples of how I use Aeon Timeline. Being able to see how events relate to one another is powerful because it allows a researcher to organize complex threat activity and highlight context an actor cannot easily fabricate, even when considering specific misdirection techniques like file timestomping. For one, we are often faced with complex incidents that need a form of documentation to enable the identification of new context. Timelining threat campaigns is incredibly useful for many reasons. Like many in our field, I often have a desire to timeline a threat or mind map threat activity to better understand evolving campaigns, track new unknown activity, and generally keep up with the ever-changing threat landscape.
0 kommentar(er)
