Edit: I guess the above post was trolling, but I think it's fair to ask what pivoting & playbooks are.
They're coming from the investigative & ops sides of the enterprise security world. Not terms I used when I was on the R&D side, but useful when they describe big chunks of your job:
-- "Visual pivoting" is where a visual tool -- typically in node-link diagrams like Maltego, Palantir, and ours (Graphistry) -- lets you click on an entity like a user etc, and get the result of running queries. For example, "according to vpn/dhcp logs, what hostname was this yesterday? Did the IDS logs say anything funny about that hostname?", or, "Looks like this patient had a bad experience with that doctor, what are the interactions other patients had with that doctor?" AFAICT, "pivoting" became the shorthand for "a left-join, including across different APIs instead of within one database".
-- We're using "Visual playbooks" to describe a way of helping turn a team's text documents describing their manual operating procedures for incident investigation & response into interactive software. They often can't just automatically trigger chef/puppet scripts because someone needs to check incident data. For example, we find a lot of teams want help triaging endpoint incident alerts: resolving the host/user involved, what other alerts were happening for them, were other users/hosts getting similar alerts, and if external IPs are involved, what threat intel feeds say + is anyone else internally talking to those. A visual playbook helps you kick off an executable sequence of context-gathering pivots + maybe API action calls, and instead of returning a text file / dashboard, drops you into a visual analytics session that shows you how the pivot results chain together. So basically visual etl + visual analytics + visual querying.
It's new but fun. Hopefully you can see why osquery is a nice tool for some of the steps within an investigation... or visual playbook ;-)
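The pivot chain described in the comment above (user, then VPN/DHCP hostname, then IDS alerts), as an added example that is not part of the thread or of Graphistry's code. All log records and field names are constructed assumptions.

```python
from datetime import datetime

# Constructed sample records (assumed schemas, not real logs).
VPN = [   # user -> internal IP sessions
    {"user": "alice", "ip": "10.0.5.17", "start": "2024-03-01T08:00", "end": "2024-03-01T17:00"},
    {"user": "bob",   "ip": "10.0.5.40", "start": "2024-03-01T09:00", "end": "2024-03-01T12:00"},
]
DHCP = [  # IP -> hostname leases; 10.0.5.17 is handed to another host that evening
    {"ip": "10.0.5.17", "hostname": "lt-alice", "start": "2024-03-01T07:30", "end": "2024-03-01T18:00"},
    {"ip": "10.0.5.17", "hostname": "kiosk-3",  "start": "2024-03-01T18:00", "end": "2024-03-02T06:00"},
]
IDS = [   # alerts keyed by hostname; signature names are made up
    {"ts": "2024-03-01T10:15", "hostname": "lt-alice", "sig": "constructed-sig-dns-anomaly"},
    {"ts": "2024-03-01T21:00", "hostname": "kiosk-3",  "sig": "constructed-sig-port-scan"},
]

def ts(s):
    return datetime.fromisoformat(s)

def overlaps(a, b):
    """True when two [start, end) intervals intersect."""
    return ts(a["start"]) < ts(b["end"]) and ts(b["start"]) < ts(a["end"])

def investigate(user):
    """Pivot user -> VPN IP -> DHCP hostname -> IDS alerts.

    Returns (source, relation, target) edges, the shape a node-link view draws.
    Each hop is a time-scoped left join: a hop with no match still yields an
    edge to None so the analyst sees where the data runs out.
    """
    edges = []
    for sess in (v for v in VPN if v["user"] == user):
        edges.append((user, "vpn_ip", sess["ip"]))
        leases = [d for d in DHCP if d["ip"] == sess["ip"] and overlaps(sess, d)]
        if not leases:
            edges.append((sess["ip"], "hostname", None))
        for lease in leases:
            edges.append((sess["ip"], "hostname", lease["hostname"]))
            # Only count alerts while this user actually held this hostname's IP.
            lo = max(ts(sess["start"]), ts(lease["start"]))
            hi = min(ts(sess["end"]), ts(lease["end"]))
            for alert in IDS:
                if alert["hostname"] == lease["hostname"] and lo <= ts(alert["ts"]) < hi:
                    edges.append((lease["hostname"], "ids_alert", alert["sig"]))
    return edges

if __name__ == "__main__":
    for edge in investigate("alice") + investigate("bob"):
        print(edge)
```

Joining on the IP alone would also attribute the kiosk-3 alert to alice; scoping each hop to the overlapping time window is what keeps a reassigned address from polluting the result.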
I have a little exposure to enterprise security and I can't say I have heard visual playbook or visual pivoting. A quick Google search does not reveal that many links for either term. Between playboy or pivoting the only one that I associate with security is pivoting and that was started with Core Impact usage a decade ago.
I'm always interested in learning new things about security. Do you have any pointers to other materials related to visual playboy's or visual pivoting?