Ever find yourself coming across familiar-looking infrastructure, but can't remember where, why or when you saw it? More importantly, can you remember whether it was good, bad or just a figment of your imagination? Yeah, we've been there too, and that's one of the primary reasons PassiveTotal included the ability for analysts to classify a domain or IP address within the platform.
When responding to incidents, client requests or what feels like a never-ending event queue, any time that can be saved is important. Classifications are an easy one-click solution that persists your knowledge, augments your future research and provides insight to others within your team. If you aren't classifying your queries, maybe it's time to take another look.
No need to remember whether an indicator is malicious or not anymore; just classify it. PassiveTotal allows users to classify a domain or IP address as malicious, suspicious, non-malicious or unknown. Simply clicking one of the radio buttons marks the item and preserves your classification, so that if you stumble across the same infrastructure in the future, you won't have to guess its state. While it seems inconsequential, having your existing classification show up on a query means your workflow is not being disrupted, which ultimately translates to a lot of time saved.
Research has shown that our brains are capable of processing entire images in as little as 13 milliseconds. Think about that: entire images in less than a second; imagine how quickly it can process just a single row of color. Aside from providing a text version of classifications, we wanted to present them using visual cues, so that as you continue your research, it's extremely clear not only that something has been classified, but which particular value was chosen. To do this, we chose to represent each classification value as a particular color. Malicious values are highlighted red, suspicious as yellow, non-malicious as green and unknown as white. Hypothetically, if you use classifications, you'll be able to process your existing research in less than a second. Pair that with existing knowledge, and there's even more time gained.
If you are fortunate enough to work with a team, then you already know how tough it can be to constantly keep everyone in sync, even if they're in the same location. Even worse, what happens when an analyst leaves the company? More often than not, when an analyst leaves, so does their knowledge. If your organization is using PassiveTotal Enterprise and our classifications, this is no longer an issue. Need to know what your co-worker is analyzing? Take a look at the teamstream to get a quick glimpse of what others are doing. Curious whether someone in your organization has already reviewed a particular domain? Just run a query and look for the classification value. Working together happens seamlessly within PassiveTotal, which means less time talking and more time searching.
Classifications are awesome. A single click or POST to our API takes your knowledge and instantly distills it into actionable feedback within PassiveTotal. In a field where time is precious, why wouldn't you want to save more? Persisting your analysis back within PassiveTotal is guaranteed to improve your workflow and your team's workflow.