Time is a critical factor in any investigation. Easily building out a timeline of an attack campaign or focusing an investigation around a specific timeframe can speed up response. With this in mind, we have expanded on our Heatmap concept for visualizing resolution history and developed a timeline that visualizes all resolution history for a given domain or IP address. Analysts can now choose any 6-month timeframe they would like to be represented by the Heatmap.
The Timebar visually represents the entire life of a domain or IP address based on RiskIQ passive DNS data. It allows an analyst to quickly understand the resolution history for a queried entity and select the timeframe that they would like represented in the Heatmap. This is a capability that analysts have been asking for since we debuted the Heatmap in our last full release.
Moving the slider on the Timebar lets an analyst select a specific date range. As the screenshot above shows, I was able to change the view from the current 6-month timeframe to October 2014 to April 2015. The timeframe selection also constrains the data in each of the viewable data sets, showing only data up to April 18, 2015. This capability puts a lot of control in the hands of the analyst and should lead to more efficient investigations.