SUPPORT

Useful resources on how to configure and use Cyberscape

Welcome to the Cyberscape Support Library

FAQs

What is a workspace?

A workspace is a real-time collaborative environment where analysts can conduct an investigation, research, or work to piece together the findings from a security incident or event.

Can I get notified when there are changes to a workspace I am interested in?

You have the ability to watch workspaces shared with you (including to your organization or community groups) and you are notified when updates are made to those workspaces.

What is TLP and why is it required?

When creating a workspace, as you can see in the image above, you are required to identify whether the data within your workspace is White, Green, Amber, or Red as per the standard US CERT Traffic Light Protocol. The designation is at the Analyst's discretion.

What are nodes and edges?

Cyberscape investigations are centered on a link analysis using a visualization known as a link-node graph or network. On these graphs, there are a set of points (we call them nodes) connected by lines (edges), which when drawn together enable quick visual analysis of the relationships between the nodes and their interconnectivity.

How do I query data to enrich the nodes on my workspace?

You can select the nodes that you want to enrich and then double click on the node to open the node actions menu and click on the enrich icon.

What are tags?

When you double click a node and click on the tags icon in the node actions menu, you can add or edit tags to that node. Some tags come in from enrichment data sources or you can create your own for use in exports.

What are notes on a node?

When you double click a node and click on the notes icon, you can create annotations that are specific to that node. The node will visibly get a note icon on the outer ring of the node indicating a note exists.

Do I have to query all the datasets an enrichment offers, or can I just run enrichments on specific datasets of an enrichment?

As you can see here in the image below, enrichments in Cyberscape can have multiple options depending on the data sets they query or the specifics of the parameters. You have the option to run queries against some or all of the integrated data sets that a data partner offers, or just specific ones you are interested in. You can also query from multiple data partner enrichments simultaneously.

What is the Cyberscape Related Workspaces enrichment?

The related workspaces enrichment will find any other workspaces that contain the searched node that your user can access. This traverses your own workspaces, those shared with you, those shared with your organization, and those in the community. The related workspaces query is run automatically every time you add a new node to the graph.

My enrichment result shows a number in parentheses, what is that?

The number included with enrichment results shows you how much data was found so you can choose how to control the amount of data added to your graph. This number indicates nodes, relationships, and attributes so the number in parentheses will not always result in that many nodes showing up on your graph.

How can I select one or more nodes on the graph?

By navigating to the selection toolbar on the left side of the workspace, there are numerous ways for you to make selections of the nodes, such as rectangular and lasso selection, click to select (can also be accomplished by holding the shift key while clicking a node), select all, select by type, select adjacent (by type), select contiguous (by type), select by source, and invert selection. You can also access selection tools using a right mouse click.

Can I group nodes together?

Yes, once you have selected the nodes you want to group, click on the cluster icon in the left hand toolbar and either create a new cluster or choose to add your selection to an existing cluster. You can edit clusters by double clicking the cluster and selecting properties which will allow you to modify the cluster color, name, and membership as well as delete or uncluster.

Once I have selected the nodes I want, is there an easy way to export them so that I can share them with my team?

Yes, once you have selected the nodes you want to share you can go to the Table pane and export in any of the various formats we support.

It would be great if you could write and collaborate on a report within Cyberscape, is that a feature you currently offer?

Yes, in Cyberscape we have provided tools for analysts to collaborate and write a report seamlessly within the platform, and other analysts can make edits along the way as well. Additionally, once the report is completed you can decide to generate the report as a PDF, and also include the graph and indicators if you wish.

Are you 100% cloud based?

Yes. For more information on our security and privacy controls, please reach out to support@cyberscapelabs.com.

Do you support 2FA?

Yes, Cyberscape supports two-factor authentication. It supports authentication via Google Authenticator or other software token, Yubikeys, or phone SMS backup codes. Use of two-factor authentication is optional for individual users, but highly encouraged. Organization admins can require that all users set up 2FA via the admin controls in the Organization section of Cyberscape.

How do I add a user to Cyberscape, do I have to email my CS Rep?

No, you can add users, as long as you have licenses available, within the Organization section of Cyberscape. You simply select that you want to add a user, provide their email address and they will receive a notification of account creation. But you can always email your CS rep if you have any trouble adding users.

Can workspaces be shared?

Yes, you can share a workspace with your entire organization, other Cyberscape users, or community groups that you are a member of.

Can I prevent a workspace from getting shared outside of my organization?

Yes, when creating and editing your workspaces you have the ability to lock them to your user or your organization. Additionally, this can be set by an administrative control which will prevent any workspace created by your organization from being shared outside of your organization.

What is this time fencing feature?

The time fencing feature enables an Analyst to limit their results to a specific time frame if necessary. Example: if an analyst is working an incident that occurred over the last 7 days, the analyst can set the time fencing to only provide results within that time frame.

How do I add nodes to my workspace?

When building a workspace you have the ability to add nodes by simply dragging them from the Build pane into the workspace, or you can import data to be added as nodes by importing a document - as a csv, pdf, json, or graphml file - or pasting values in the import table.

What are attributes?

When you double click a node and click on the attributes icon in the node actions menu, you are presented with a table that shows all of the meta-data and information, including timestamps, collected from the data enrichments. Clicking on the blue arrow will show the full value of the attribute which can be easily turned into a node by highlighting the text and adding it to the graph or by using the 3-dot menu in-line with the attribute.

Can I change the appearance of a node?

When you double click a node, you can click on the highlight icon to change the color of the node and on the score icon to put a high/medium/low badge on the node for risk scoring.

What if I want to share my workspace, but there are a couple of pieces of sensitive information I don't want to share?

When you double click a node and click on the visibility icon, you can select if that node is public or private. Public means that anyone who is shared the workspace can see that piece of data. Private means that if the workspace is shared with a user outside of your organization they will not be able to see that piece of data and it will be replaced with a masked node.

What is the Cyberscape Internal Sources enrichment?

The internal sources enrichment is a proprietary collection of OSINT and curated data sources that provides relevant, related data about the searched node, including DNS layer data (such as WHOIS and DNS registrant lookups), geo location, SSL search, and blacklists. This enrichment query is a bit different from the others in that it will run 3 rounds of enrichment to provide a quick infrastructure map and kick off an investigation. This query is run automatically every time you add a new node to the graph.

I clicked Run, where did the enrichments go? Why didn't my graph change?

Once you have told Cyberscape to run enrichments, you will see two indications there are enrichment results. You can click on the leaves icon in the bottom left hand corner of your workspace which will open up the enrichment carousel. You can also click the leaves icon shown on the outer ring of the node to open the enrichment carousel and also quickly find the results for that specific node within the carousel. Just as you made selections of which enrichments you wanted to run, you have the same opportunity to select which pieces of information you add to your workspace.

I added an enrichment to my graph and nothing changed?

Cyberscape de-dupes data on the graph, so you cannot have two nodes that are the same. Cyberscape will note this in the attributes of the node under the "found-in" attribute, where you can review the data provenance of that node and any metadata included in the enrichment results.

Is there a way for me to link nodes together on my own?

Yes, if you have nodes that you would like to link to one another, hover over the node you want the arrow to start from, click the + and drag the arrow over to another node. Once you have linked them together you can choose to add a label and change the formatting of the line by double clicking the edge.

What else can I do with clusters?

Clusters act as a way to organize your workspace and visually reduce clutter, but are also a powerful multi-node selection tool. Double clicking a cluster acts as if you have selected the contents of that cluster, so you can run enrichments on every node within the cluster or make bulk changes to those nodes using the node actions menu.

Can more than one person be in a workspace at the same time, and is there a way to talk to one another in Cyberscape?

Yes, multiple people can be working in a workspace at the same time, and we have an Interactive chat feature within Cyberscape. You can type in the values of nodes or add nodes from within the Interact pane on the right hand side.

Oh no! I added too many nodes to my graph from the enrichment carousel, is there a way for me to revert back to a previous state of my workspace?

Yes, if you go to the Activity pane, you have the ability to see all the activities that have occurred within your workspace. You can also select the AutoSaves chip to expose the saved versions and revert your graph to a previous state.

What is Cyberscape Marketplace?

The Marketplace is a catalogue of all integration partners and providers of data sources available for a user to potentially use in their investigations. By adding a license for their organization, the respective provider and its capabilities will be available for usage in enriching the user's workspaces.

Does Cyberscape have the option to set approved IP ranges?

Yes, within the Organization section of Cyberscape, you have the ability to set up approved IPs.
