With a graph-oriented database at its core, Sqrrl streamlines hunts and investigations by laying out network, endpoint, identity, and security data in an intuitive Behavior Graph, which uses entity extraction techniques to automatically transform raw logs into actionable knowledge and contextual insight. Much as hyperlinks connect websites, the Behavior Graph connects user, entity, asset, and event data, simplifying search and exploration across them.
The Behavior Graph
The Behavior Graph, a visual, interactive environment for hunting and investigating suspicious behaviors, sets Sqrrl apart from other security solutions.
The Behavior Graph:
- Lets analysts visually pivot across user, entity, and event data using link analysis techniques instead of manual database queries.
- Enables the use of powerful graph algorithms (in addition to machine learning) to detect the connections between suspicious behaviors.
- Unites advanced analytics with link analysis to pull together entire attack pictures with ease.
A Behavior Graph representation of network transactions
With the Behavior Graph, analysts and hunters using Sqrrl benefit from:
- Enriched contextual knowledge from raw data
- Rapid understanding of the relationships between entities like users, hosts, and domains
- Rapid understanding of the activities performed by entities based on those relationships
- Embedded User and Entity Behavior Analytics that leverage machine learning and graph algorithms