Articles & News

THEA Cyber Security

NORNA Part 1: A Hunter's Nightmare

When conducting CTI, threat analysts are overwhelmed by the volume of information they must take into consideration, often from multiple OSINT sources. Depending on the objective and the nature of the investigation, threat hunting should cover data collections and the relations between multidisciplinary items, from relations between technical details such as DNS metadata to the natural language and sentiment present in domain names.

It is extremely important to have an interface that does not add to the analyst’s “alert fatigue” and information overload, which derive from several security solutions that follow a SIEM-like logic. On the contrary, the interface should make it easy to uncover relations even in the most complex patterns. It must offer peace of mind and a positive user experience.

Traditionally, a threat investigation means using X number of tools, plus Y number of OSINT sources, multiplied by an “infinite number of tabs”: collecting, correlating and evaluating data upon data in order to draw conclusions. The aim is to take decisive action in a constructive and descriptive manner, while in fact the user is usually stuck in the “twilight zone” between right and wrong. A counterproductive nightmare by definition.

THEA NORNA is a modern threat hunting interface, backed by cutting-edge components and technologies to visualise and boost CTI investigations, ranging from probabilistic AI and LLMs to knowledge graphs and deep contextual analysis. Our mission is to enhance the analyst’s focus, productivity and experience by delivering interactive software that aggregates all relevant information and enables direct actions.

Picture: THEMIS-AI phishing score cluster view on phishing subdomains via the NORNA threat hunting interface

A knowledge graph is a structured representation of information, where nodes represent entities and edges denote connections between them. It organises data, enables analysis, and powers several threat intelligence features. It's a valuable tool for understanding relationships and patterns in complex datasets.

In the second part of the NORNA journey, we will explore more of the technical side of the threat hunting interface and knowledge graphs. Stay tuned!

THEA cyber security is a company specializing in active threat intelligence and prevention of weaponized generative AI attacks. Protecting you now, from ongoing threats.