
Detectree: Open-source tool simplifies data analysis for blue teams, reduces alert fatigue
2022-07-22 03:30

Detectree, developed by WithSecure, is a detection visualization tool for cyber security defense teams.

"Time is always working against incident responders. And looking through rows of text data and making connections between them and the suspicious activity under investigation is time spent not remediating the problem, which is a real waste when you're under pressure to stop an attack."

Given the volume of security alerts that blue teams at large companies can face, this manual review is a process that can overwhelm security teams and exacerbate problems like alert fatigue and burnout.

Detectree was designed to help blue teams simplify investigative work by structuring log data into a visualization that shows relationships between the suspicious activity detected and any processes, network destinations, files, or registry keys connected to that detection.

Rather than manually sorting through data represented as text to reconstruct a chain of events, responders can look at the visualization to see not only the connections, but the nature of the connections, including interactions, parent-child relationships, and process injections.
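As an added illustration of the structuring described above (example code written for this page, not Detectree's own code or input format): a short Python script takes flat process, network, file, registry and injection events (constructed sample data), walks the parent-child chain up from the detected process, drops unrelated sibling processes, and prints the detection with everything connected to it as an indented tree.

```python
from collections import defaultdict

# Constructed sample telemetry, modelled loosely on EDR/Sysmon-style events
# (not real Detectree input). pid 5 is unrelated noise the tree should drop.
EVENTS = [
    {"type": "process", "pid": 1, "ppid": 0, "image": "explorer.exe"},
    {"type": "process", "pid": 2, "ppid": 1, "image": "winword.exe"},
    {"type": "process", "pid": 3, "ppid": 2, "image": "powershell.exe"},
    {"type": "network", "pid": 3, "dest": "203.0.113.5:443"},
    {"type": "file", "pid": 3, "path": "C:\\Users\\u\\AppData\\x.dll"},
    {"type": "process", "pid": 4, "ppid": 1, "image": "notepad.exe"},
    {"type": "inject", "pid": 3, "target_pid": 4},
    {"type": "registry", "pid": 4, "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\x"},
    {"type": "process", "pid": 5, "ppid": 1, "image": "chrome.exe"},
]
# Non-process events become labelled edges from the acting pid to an artifact.
ARTIFACT = {"network": ("connected to", "dest"), "file": ("wrote", "path"),
            "registry": ("set", "key"), "inject": ("injected into", "target_pid")}
def build_graph(events):
    """Flat events -> process table plus edges[pid] = [(relation, target), ...]."""
    procs = {e["pid"]: e for e in events if e["type"] == "process"}
    edges = defaultdict(list)
    for e in events:
        if e["type"] == "process":
            edges[e["ppid"]].append(("spawned", e["pid"]))
        else:
            rel, field = ARTIFACT[e["type"]]
            edges[e["pid"]].append((rel, e[field]))
    return procs, edges
def detection_tree(events, detected_pid):
    """Indented text tree: the branch from the top-most ancestor down to the
    detection, then every process and artifact the detection touched."""
    procs, edges = build_graph(events)
    ancestors, pid = set(), detected_pid
    while pid in procs:                          # walk parent-child links upward
        ancestors.add(pid)
        root, pid = pid, procs[pid]["ppid"]
    lines, seen = [], set()
    def walk(pid, rel, depth):
        seen.add(pid)
        mark = "  <== detection" if pid == detected_pid else ""
        lines.append(f"{'  ' * depth}[{rel}] {procs[pid]['image']} (pid {pid}){mark}")
        for r, target in edges.get(pid, []):
            if not isinstance(target, int):      # artifact edge: always keep
                lines.append(f"{'  ' * (depth + 1)}[{r}] {target}")
            elif target not in seen and (pid == detected_pid or pid not in ancestors
                                         or target in ancestors):
                walk(target, r, depth + 1)       # else: cycle, or sibling noise above the detection
    walk(root, "root", 0)
    return lines
```

Running `print("\n".join(detection_tree(EVENTS, 3)))` shows explorer.exe spawning winword.exe spawning the flagged powershell.exe, its network destination and dropped file, the injection into notepad.exe and the Run key that process set, while chrome.exe never appears.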

"Even the most experienced, skilled blue teams need tools to help them do their jobs well. Detectree is a simple tool, but it's addressing real pain points that make work unnecessarily difficult and time consuming for security teams," he said.

News URL

https://www.helpnetsecurity.com/2022/07/22/detectree-open-source-tool/