CISA Introduces Open-Source Threat Visualization Platform
The RedEye tool is a joint project from CISA and the Department of Energy’s Pacific Northwest National Laboratory that gives red and blue teams a way to turn campaign data into practical decisions. RedEye can analyze logs from attack frameworks and helps users make sense of complex data through a threat mapping function.
The platform also lets users upload campaign data and view beacon and command information, among other relevant details. Campaign logs loaded into RedEye can be viewed by other users as well through a graphical representation, Bleeping Computer reported.
Through RedEye, users can explore events in selected campaigns and follow an attacker’s penetration path. Other capabilities include exporting data for client review and generating presentations.
By using the predictive analytics tool, ethical hackers can digest complex campaign data and use it to inform customers about how perpetrators operate.
The tool currently analyzes data from the Cobalt Strike platform. It has been tested and confirmed to work on select versions of Linux, macOS and Windows.
RedEye is available on GitHub. Other CISA tools available on GitHub include the Malcolm network traffic analysis tool and the Sparrow account compromise detection offering.