by lmeyerov 3227 days ago
The ultimate answer is generally a small graph: Graphistry is a tool that helps you get there. Why that's hard is most Splunk, Spark, etc. queries will return a bunch of events, and each event has a bunch of metadata. A tool should help, not fall over.

I think you're referring to scenarios closer to why we created the visual playbook concept and our embedding APIs. Small visualizations are often a good starting point in investigative scenarios. Even better... no visualization, just full automation. We find this thinking comes up when the investigative flow is more established and curated. With visual playbooks, teams can record & automate multistep flows, run them whenever an incident happens, take action, and share & document the results. If part of the incident involves a bunch of events, or the analyst wants to dig in, our stack won't fall over. Instead, it provides a full visual analytics session with multiple cross-linked data views.

And we're fans of Gephi. We GPU-accelerated the core algorithm -- we may be coming from a different perspective and user base.

1 comments

Yup, it's important that people understand the role of visualization in the complete data chain.
I'm not sure I understand. Is there a resource that explains the role of visualizations in data flows in the context explained here?