July 15, 2016
Security boffins at ANZ, one of Australia’s largest banks, have offered their nightHawk incident response tools for organisations running free Mandiant tools.
The open source platform, built on Mandiant’s free tools, is fit for enterprises requiring incident response at scale, and can run off a laptop for many investigations.
ANZ bank security analysts Daniel Eden and Roshan Maskey published their work to GitHub.
The custom asynchronous forensic tool depends on Mandiant Redline and operates on an Elasticsearch backend.
“The application was born out of the inability to control multiple investigations or hundreds of endpoints in a single pane of glass,” the pair say.
Eden steps through the application’s features in a demonstration video, adding that the platform is available as a dependency-preloaded CentOS ISO install.
The application can return about 1000 large documents without load strain, after which point server-side processing is required.