Graphs
The execution flow of a cyberattack is made up of multiple processes and operations that are logged in the Cytomic Orion data lake. Because of this, and given the massive amount of information that SOC analysts have to process, Cytomic Orion provides a special type of notebook that makes viewing and interpreting such data easier. This notebook uses a type of diagram known as a ‘graph’, which illustrates events with nodes and arrows to show entities and the relationships between them.
The information shown on a graph is equivalent to the information shown in the investigation console or in advanced queries, but organized and presented in a clearer, easier-to-interpret way.
The retention period for the telemetry stored in the data lake is one year.