Well, as we have seen, Locard’s axiom of “every contact leaves a trace” transcends both the physical and digital worlds of evidence. We have also highlighted the value of ensuring the visibility and integrity of that evidence to create a better opportunity for defense, response and investigation.
I have this (sometimes annoying) desire to tell anybody who will listen about the things I have discovered in information security which actually work! This is one of those things and these few words are me exercising that desire.
I have genuinely enjoyed threat hunting using this platform and would recommend it to anyone who wants to move beyond simple log aggregation in their efforts to protect what really matters.
As they say, seeing is believing, so I urge you to make contact and try this technology for yourselves. You will, like me, have some of your preconceptions pleasantly challenged.
This post was originally published in February 2019 and has been updated for comprehensiveness.