The newest Sqrrl release, Sqrrl Enterprise 2.3, introduces a number of features that enhance the user experience and platform capabilities. So whether you’re an experienced hunter using Sqrrl today, or just discovering us for the first time, take a look at some of these new and noteworthy enhancements to the platform that lets you target, hunt, and disrupt your adversaries.
The Sqrrl 2.3 exploration interface
Visually building a Cyber Ontology
The new release takes advantage of Sqrrl Explorer’s graphical layout capabilities to provide a more visual way to manage your cyber security ontologies. When configuring an analytical model, you work from a visual overview containing the model's entity and relationship classes.
The visual overview looks very similar to our explorations graph. From this overview, you can create, configure, and delete entity classes and relationship classes, as well as map source data to the model.
Time Series Events
Sqrrl version 2.3 has expanded its time series functionality to include the modeling of event-oriented data on relationships in addition to entities. This means that you can now perform time-based rollups and computations on any element in the ontology, and bound searches to any given time window.
Exploring the Data
But what’s the point of ingesting all this data and having visual models if you can’t explore it in an intuitive way? These are the ways we’ve revamped how you can explore what you load into Sqrrl.
Revealing all of the relationships among nodes
A new option on the Explore page toolbar allows you to surface all of the relationships among the currently selected entity instances.
This allows you to quickly discover new relationships that were not immediately apparent from the initial query or subsequent exploration, and is particularly useful in cyber hunting. After surfacing initial entities in an investigation, showing links among nodes enables you to identify relationships that are otherwise easily overlooked.
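The two ideas above, time-bounded rollups on relationship events and surfacing every relationship among a selected set of entities, can be illustrated with a small stand-alone model. The following is an added example written for this page, not Sqrrl code and not Sqrrl's API: it builds an entity/relationship graph from a handful of constructed authentication and connection events, rolls up one relationship into hourly buckets inside a time window, and returns the relationships that connect a chosen set of entities. Entity names, relationship classes, and timestamps are all made up for the example.

```python
"""
Added example (not Sqrrl code): a minimal entity/relationship graph whose
relationships carry timestamped events. Demonstrates
  1. a time-bounded rollup of the events on one relationship, and
  2. surfacing every relationship among a selected set of entities,
optionally restricted to a time window.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source entity, relationship class, destination entity).
# Entity identifiers use a "class:instance" convention chosen for this example.
EVENTS = [
    ("2016-03-01T09:00:00", "user:alice",  "LOGGED_IN_TO", "host:ws-12"),
    ("2016-03-01T09:05:00", "host:ws-12",  "CONNECTED_TO", "ip:203.0.113.5"),
    ("2016-03-01T09:06:00", "host:ws-12",  "CONNECTED_TO", "ip:203.0.113.5"),
    ("2016-03-01T10:30:00", "host:ws-12",  "CONNECTED_TO", "ip:203.0.113.5"),
    ("2016-03-01T11:00:00", "user:alice",  "LOGGED_IN_TO", "host:srv-db"),
    ("2016-03-01T11:02:00", "host:srv-db", "CONNECTED_TO", "ip:203.0.113.5"),
    ("2016-03-02T08:00:00", "user:bob",    "LOGGED_IN_TO", "host:ws-07"),
]


def parse(ts):
    """Parse the ISO-8601 timestamps used in the sample events."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")


def build_graph(events):
    """Map each relationship (src, class, dst) to a sorted list of event times."""
    graph = defaultdict(list)
    for ts, src, rel, dst in events:
        graph[(src, rel, dst)].append(parse(ts))
    for stamps in graph.values():
        stamps.sort()
    return dict(graph)


def rollup(graph, key, start, end, bucket=timedelta(hours=1)):
    """Count the events on one relationship per bucket within [start, end)."""
    counts = defaultdict(int)
    for ts in graph.get(key, []):
        if start <= ts < end:
            offset = (ts - start) // bucket          # integer bucket index
            counts[start + offset * bucket] += 1
    return dict(counts)


def relationships_among(graph, selected, start=None, end=None):
    """Return every relationship whose endpoints are both in `selected`.

    When a window is given, only relationships with at least one event
    inside [start, end) are returned, together with their event count.
    """
    selected = set(selected)
    found = {}
    for (src, rel, dst), stamps in graph.items():
        if src not in selected or dst not in selected:
            continue
        in_window = [t for t in stamps
                     if (start is None or t >= start) and (end is None or t < end)]
        if in_window:
            found[(src, rel, dst)] = len(in_window)
    return found


if __name__ == "__main__":
    g = build_graph(EVENTS)
    beacon = ("host:ws-12", "CONNECTED_TO", "ip:203.0.113.5")
    print(rollup(g, beacon, parse("2016-03-01T09:00:00"), parse("2016-03-01T12:00:00")))
    # Select the entities already surfaced in an investigation; the shared
    # external IP linking both hosts is the kind of relationship that is
    # easy to overlook when looking at each host on its own.
    hunt_set = ["user:alice", "host:ws-12", "host:srv-db", "ip:203.0.113.5"]
    for edge, n in relationships_among(g, hunt_set).items():
        print(n, edge)
```

The `relationships_among` call is the analogue of the "show links among nodes" operation: it starts from entities you already have in view and reports the edges between them rather than expanding outward, which is why it turns up pivots such as two hosts sharing the same external address. The window parameters are what a time-bounded search adds; without them the same function returns the full history.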
Collaborating on Hunting Trips
The Exploration Context panel includes an inline annotation button, so you can quickly document, save, and share the investigation you are working on. This is especially useful for collaborating on hunting trips, revisiting previous findings, and generating reports for line managers and executives.
Advanced Analytics Integration
Sqrrl’s analytics integration lets developers deploy custom jobs over data stored within the Sqrrl backend in an external Hadoop-compatible runtime such as MapReduce or Spark. Users can pipe the results of any Sqrrl query to the Hadoop compatibility layer, choosing to leverage open-source advanced analytics packages or to create custom analytic tasks.
The new features of Sqrrl Enterprise make it easier than ever to start storing, analyzing, and hunting through your data to detect hidden threats and advanced adversaries. Never used our platform before? Check out the link below to take our Test Drive VM for a spin.