1
00:00:01,580 --> 00:00:07,400
In this lecture I will explain how to pivot from Sguil into other tools.

2
00:00:07,500 --> 00:00:18,420
So first I will close this tab, and we see here that we have so many alerts. So if we want to focus our

3
00:00:18,420 --> 00:00:29,730
analysis on a specific alert or a specific group of alerts, we can pivot into other tools by right-clicking

4
00:00:31,470 --> 00:00:34,830
on the alert ID and then choosing a tool.

5
00:00:35,280 --> 00:00:37,890
So, for example, NetworkMiner,

6
00:00:40,790 --> 00:00:49,450
and here we see information about the hosts, files including malicious ones,

7
00:00:49,460 --> 00:00:59,000
images, messages, credentials, sessions, DNS and other information,

8
00:01:02,500 --> 00:01:08,410
and we can pivot into Wireshark, for example,

9
00:01:16,770 --> 00:01:20,920
where we can analyze the packets in detail.

10
00:01:21,270 --> 00:01:29,010
So, for example, we can extract files that were transferred, analyze them ourselves

11
00:01:29,070 --> 00:01:38,490
or submit them to be analyzed on sites such as VirusTotal, and we will explain more about Wireshark

12
00:01:38,730 --> 00:01:39,990
in the next lectures,

13
00:01:46,540 --> 00:01:49,990
and we can get more info about a specific IP address.

14
00:01:50,170 --> 00:01:58,960
For example, we can make a query from the Query menu, then Query by IP, and then select this

15
00:01:58,960 --> 00:02:12,400
IP, 95.2.253.92, and then click on Build, and then I have

16
00:02:12,400 --> 00:02:22,280
to change the date to include alerts or events that this IP was involved in.

17
00:02:22,320 --> 00:02:25,700
So then I will click on Submit.

18
00:02:25,980 --> 00:02:36,330
Here we see that we have about 48 records about this IP, so I will close the tab, and we can

19
00:02:36,330 --> 00:02:39,760
also pivot on the IP into other tools.

20
00:02:40,020 --> 00:02:50,010
So let us try and pivot into ELSA, for example. So I will right-click on this IP and then choose

21
00:02:50,220 --> 00:02:57,640
ELSA lookup, and search for that IP as a source.

22
00:02:57,670 --> 00:03:04,910
So now we see that we have to enter our credentials into the ELSA login,

23
00:03:15,970 --> 00:03:25,330
and we did not get any results because of the dates, so I will change the date once more and then

24
00:03:26,170 --> 00:03:27,650
hit Enter.

25
00:03:28,960 --> 00:03:40,180
So here we see the info about that IP in ELSA, grouped by program, like Snort and the Bro connection, file

26
00:03:40,600 --> 00:03:42,240
and DNS logs.

27
00:03:48,250 --> 00:03:56,650
Let us try and pivot into another tool, for example VirusTotal, but let us try with another IP. So

28
00:03:57,260 --> 00:03:58,330
let us try with this one.

29
00:03:59,440 --> 00:04:10,880
So we have to right-click on it and select VirusTotal, then Source IP, and here we see information

30
00:04:10,910 --> 00:04:14,480
about that IP, like the country,

31
00:04:14,480 --> 00:04:18,320
the domain names, the detected

32
00:04:21,580 --> 00:04:27,360
malicious URLs and how many antiviruses detected

33
00:04:27,360 --> 00:04:28,960
that as malicious.

34
00:04:28,960 --> 00:04:36,070
So, for example, this one is detected by 3 out of 64,

35
00:04:39,050 --> 00:04:50,030
and below that we find the malicious files that were downloaded from that IP and their hashes, and also

36
00:04:51,500 --> 00:04:52,790
undetected and detected

37
00:04:55,870 --> 00:04:57,330
malicious downloaded files,

38
00:05:00,460 --> 00:05:14,800
detected and undetected files that communicated with that IP, and here we see the dates that there was

39
00:05:14,830 --> 00:05:17,990
malicious activity associated with that IP.

40
00:05:18,130 --> 00:05:27,400
So it might not be malicious now, and because we have used the tcpreplay command with the pcap files, our timestamps

41
00:05:27,430 --> 00:05:30,190
were of the date we ran the command.

42
00:05:30,190 --> 00:05:36,820
But if you want to get timestamps in ELSA, Sguil and Squert with the dates that those pcap files

43
00:05:36,910 --> 00:05:44,320
were originally created, we have to use the so-import-pcap script, and in that case we will get timestamps

44
00:05:44,320 --> 00:05:53,040
close to those shown here in VirusTotal. And in fact, if this was a live attack attacking production, then

45
00:05:53,040 --> 00:05:59,400
it is recommended to use an internal analysis method instead of an external one, because attackers could

46
00:05:59,400 --> 00:06:00,670
know that

47
00:06:00,690 --> 00:06:02,190
we are tracking them,

48
00:06:05,270 --> 00:06:15,070
and also we can pivot on the source port and destination port.

49
00:06:16,310 --> 00:06:22,910
So in this lecture I have explained how to pivot from Sguil into other tools, and in the next

50
00:06:22,910 --> 00:06:27,710
lecture I will explain how to categorize events in Sguil.