1
00:00:02,680 --> 00:00:06,580
In this lecture I will explore Squert, which is an easy graphical web interface.

2
00:00:06,580 --> 00:00:14,980
On top of the screen I will click on the icon of Squert, and we see that we are being asked for our credentials,

3
00:00:16,240 --> 00:00:21,910
and you might see, as before, a message saying that the connection is not private or not secure.

4
00:00:22,030 --> 00:00:26,800
So we have to click on Advanced and then proceed, as we have done with ELSA.

5
00:00:26,920 --> 00:00:32,890
And that is okay here in our lab environment, but in production you have to use a certificate signed by your trusted certificate

6
00:00:32,890 --> 00:00:34,270
authority.

7
00:00:34,330 --> 00:00:45,920
So now I will click on Submit, and the first thing we have to set here in Squert is to change the date

8
00:00:45,920 --> 00:00:50,610
of the alerts, because by default the alerts are displayed for the last day.

9
00:00:50,630 --> 00:00:59,480
So I will click on this link here, and from Sguil we see that the date of our alert is the twenty-sixth

10
00:00:59,570 --> 00:01:00,020
of June.

11
00:01:00,020 --> 00:01:10,760
So in Squert I will select the month to be June and then the date to be this date, and we see now that the

12
00:01:10,760 --> 00:01:11,980
alerts are displayed.

13
00:01:14,760 --> 00:01:24,870
And we see the priority percentages and numbers for the alerts, and we can focus on a specific priority,

14
00:01:24,870 --> 00:01:29,850
for example the high priority events or alerts, by clicking on this link,

15
00:01:32,590 --> 00:01:44,510
and we want to find the alerts that we have classified before in Sguil as Category 7 or virus infections.

16
00:01:44,710 --> 00:01:48,580
We can find those under the malicious category.

17
00:01:48,580 --> 00:01:56,490
So we have here 48 alerts that we have classified before in Sguil as virus infection.

18
00:01:56,500 --> 00:02:03,970
So I will click on this link, and here we see those alerts.
19
00:02:04,270 --> 00:02:11,260
So we have two groups of twenty-four alerts: the first group is the E.T. Trojan and the second group

20
00:02:11,290 --> 00:02:13,010
is the E.T. will she be itchy.

21
00:02:13,030 --> 00:02:15,550
So let us click on this one,

22
00:02:21,930 --> 00:02:37,330
click one more time, and here we see these events that were classified as Category 7, and now I will clear

23
00:02:37,330 --> 00:02:43,270
the filter of this category.

24
00:02:43,360 --> 00:02:56,970
Now, if we want to find the events that we have not classified as Category 7 in Sguil, but we should

25
00:02:56,970 --> 00:03:10,770
do that now in Squert, we see those 48 events as not classified out of seventy-two alerts with the E.T.

26
00:03:10,770 --> 00:03:13,390
will she be the XY signature.

27
00:03:13,600 --> 00:03:22,040
So twenty-four of those are classified as malware, but 48 are not.

28
00:03:22,080 --> 00:03:33,360
So I will click on those now, and we can classify, for example, these first 12 of them, so I will click

29
00:03:33,480 --> 00:03:35,690
here and

30
00:03:38,950 --> 00:03:39,460
we can

31
00:03:42,530 --> 00:03:52,140
classify or categorize individual events by checking one of them, or we can classify all

32
00:03:52,140 --> 00:03:59,800
of them, so I will classify all of the alerts and then I will press 7.

33
00:03:59,880 --> 00:04:08,070
So now we see that these alerts are classified as Category 7 or virus infections, and we see that

34
00:04:08,080 --> 00:04:18,890
the number in the malicious category has increased to 60 instead of forty-eight, and we can see the

35
00:04:19,430 --> 00:04:24,550
events that we have escalated before in Sguil by clicking on this link.

36
00:04:24,770 --> 00:04:27,350
So we have two events or alerts,

37
00:04:31,010 --> 00:04:31,630
we see

38
00:04:36,700 --> 00:04:44,160
alerts that we have escalated before in Sguil.
39
00:04:44,170 --> 00:04:53,380
And as we have seen in Sguil, we can pivot into other tools by clicking on the alert ID

40
00:04:54,760 --> 00:05:04,180
and then pivoting into other tools, specifically the CapMe tool that views pcap files and that we

41
00:05:04,180 --> 00:05:09,190
have seen before when working with ELSA.

42
00:05:11,380 --> 00:05:14,300
So now this is CapMe.

43
00:05:14,420 --> 00:05:28,120
And here in this tool we can also download the pcap file and analyze it using other tools such as Wireshark,

44
00:05:28,130 --> 00:05:29,020
for example.

45
00:05:33,020 --> 00:05:42,320
We can also pivot on a specific IP address, as we have done in Sguil, by clicking on it, and we

46
00:05:42,320 --> 00:05:50,660
can search for that IP here in Squert as a source or destination, for example, or we can pivot, for

47
00:05:50,660 --> 00:06:01,120
example, into other tools such as DomainTools, ELSA, Google, Malware Domain List, Safe Browsing, VirusTotal

48
00:06:01,400 --> 00:06:15,550
and other tools, and we can also pivot on ports into other tools here and here.

49
00:06:15,590 --> 00:06:28,150
We can also group and ungroup events, so here, if I clear the filter and then go here and click on this

50
00:06:28,150 --> 00:06:28,570
link.

51
00:06:28,570 --> 00:06:34,900
So events are by default grouped in Squert, but I can disable grouping, so I click on that one or this

52
00:06:34,900 --> 00:06:39,130
link and then click on Refresh.

53
00:06:39,190 --> 00:06:50,910
We see that the alerts are now ungrouped, and I can group them again if I want. So in this lecture we have

54
00:06:50,910 --> 00:06:56,160
explored Squert, and in the next lecture I will explain about the so inboard script.