To mirror the process of the analyst, PassiveTotal has introduced lightweight case management in the form of “projects.” Users now have the option to create both public and private projects with names, descriptions, tags, and collaborators. PassiveTotal projects allow users to group related activity and easily collaborate with others in their organization. Projects also retain the history of an investigation over time, so as new details emerge, are researched, and are added to the project, users can be sure they have an accurate audit history.
For many in the security community, sharing information and intelligence is a large part of their daily workflow. Exchanging indicators, known group tactics, and investigation notes is commonplace but happens manually through email threads. While these processes work, they don’t lend themselves well to larger collaboration or follow-on research work.
Public projects within PassiveTotal allow users to share both data and context that details the steps the analyst took to discover those indicators. These projects are noted with a green open lock and can be published by anyone in the community.
PassiveTotal enterprise customers have the ability to publish private projects to the platform. These projects work the same as our public projects; however, they are only visible to those analysts within your enterprise organization. Private projects are denoted with a red lock and can be published by anyone in your organization. Analysts can also add collaborators to private projects who can participate in the investigation and add entities and IOCs to the project.