Title: CNE End Point Requirements

Release Date: 2015-01-17

Description: This undated GCHQ reference document enumerates the processes and tools analysts use for computer network exploitation: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.

Document: TOP SECRET STRAP1 COMINT

CNE End Point Requirements
CATEGORY O Experimt O Refinemer O Bug Fix O ALL REQTYPE O Capability O Convergenc O Query O Taskir O Viewe Oall PRIORITY O Priority O Priority O Priority oall This spreadsheet contains the collated CNE user requirements captured the Endpoint initiative lead. To cut down the amount of information visible select the material you want to see via the Radio Buttons and then press "GO". Requirements are divided into a number of CATEGORIES dentifying the amount of INNOVATION required to satisfy the requirement Requirements are labelled by TYPE - referring to the primary issue associated with the requirement Requirements are PRIORITISED - Priority 1 being the highest (essential) and Priority 3 the lowest (nice to have)
REQUIREMENTS PLANNED DEVELOPMENT WORK
Category Type Priority Number Description Individual Tasks - with RAG status
Refine Capability 1 Cap.01 Request document / file properties and task on the basis of the same (author/etc) STARGATE (Manual authorisation tool)
Experiment Capability 1 Cap.02 ■Detect internal network activity (volumes and movement of Hspecific data types) :
Experiment Capability 1 Cap.03 ■Low latency presence data for use in tip-off collection
Experiment Capability 1 Cap.04 Remote indexinq ROCK OPERA remote indexing
Experiment Capability 1 Cap.05 Use API type functions of operating systems like their indexing ■
Experiment Capability 2 Cap.06 characterisation of unallocated or deleted space - potentially a source of intelligence on internet-facing target machines STARGATE (Daredevil remote forensics pluqin)
Quincey plugin
Experiment Capability 2 Cap.07 ■Destination IP address from messenger client packet capture
Experiment Capability 2 Cap.08 PCS - capability aqainst mobile devices Research in CNE and ICTR
Experiment Capability 2 Cap. 09 ability to list programs and applications commonly used on the machine (pulled from Registry and program files?) - and to monitor frequency of use
Experiment Capability 2 Cap. 10 ■Follow/monitor movement of files / movement of users (key |to identifying the valuable parts of a network) STARGATE (network summary pluqin)
STARGATE (Endpoint data characterisation)
Experiment Capability 2 Cap.11 ReiWi!M8l!rfofiffi&:sL!)§li!?(i1i&rvester (with logics applied to implant on USB to auto-retrieve data).
Refine Capability 2 Cap. 12 web browsing content (html, cookies etc)
Experiment Capability 3 Cap. 13 Mchanqe the registry (eg browser stain)
Experiment Capability 3 Cap. 14 ■Collect the first line of the document text / the first 'n' ^characters.

Experiment Capability 3 Cap. 15 : CNA / CND profiling - Be able to search on hacking profile/signature so can spot attacks leaving a box. Need : STARGATE (Endpoint data characterisation)
Experiment Can ability 3 Cap. 16 Remote hashinq of files
Experiment Convergence 1 Conv.01 Data must be of a format which enables it to be merged with data from other sources / tools in any future converged platform. E.g. putting internet selector (TDI) related material into passive events systems and auto-correlating activity from a CNE implant to the same intercept collected in passive STARGATE ROADMAP iteration 7-10 (corporate framework, native viewing, CMS, convergence)
Experiment Convergence 1 Conv.02 Metadata must be exportable to other relevant tools. STARGATE (Graphical query enqine)
Experiment Convergence 1 Conv.03 Geolocation information Google earth /C.O.R.E. / K.I.M STARGATE ROADMAP iteration 7-10 (corporate framework, native viewing, CMS, convergence)
Experiment Convergence 2 Conv.04 Ability to compare EndPoint data with JTRIG forensic data & ■ CNE metadata into the CMS
Experiment Convergence 2 Conv.05 : Develop a fingerprint concept (includes characterisation) - application profiles exportable to search in XKEYSCORE STARGATE (Endpoint data characterisation)
STARGATE (Machine survey/summarv component)
Experiment Convergence 2 i backing standards, shareable with other tools to enable cross querying across the 5-eyes. STARGATE ROADMAP iteration 7-10 (corporate framework, native viewing, CMS, convergence)
Refine Convergence 2 Conv.07 EndPoint data should send / generate metadata for the new Content Metadata Store (CMS) CNE metadata into the CMS
GOLDEN EYE 2
Experiment Convergence 2 “ Enrichment of EndPoint content and metadata from other tools/databases (BroadOak, UTT, JTRIG, Globalreach, Global Surge, THUGGEE) STARGATE ROADMAP iteration 7-10 (corporate framework, native viewing, CMS, convergence)
LOOKING GLASS
Experiment Convergence 2 Conv.09 Events data containing End Point internet activity material e.g. this public IP has been seen in MARINA. STARGATE ROADMAP iteration 7-10 (corporate framework, native viewing, CMS, convergence)
Experiment Convergence 2 Con v. 10 Flexibility to keep pace with tools developments, compatibility with others' efforts, and accessible to e.g. ICTR (Applied Research) Eclipse platform/framework
Experiment Convergence 2 Conv.ll i PSC tipping to EREPO / other passive collection (see tasking requirement) STARGATE (Alerting Components)
Experiment Convergence 2 Con v. 13 Data feeds in & out of Endpoint: Radio values and MAC addresses / IP addresses - take data to, and lookup from Global Surge/ Roadbed / Overhead / wifi mapping/ STARGATE (Machine survey/summarv component)
STARGATE ROADMAP iteration 7-10 (corporate framework, native viewing, CMS, convergence)
Experiment Convergence 2 Con v. 16 web mail cookie as an Active User entry/IP & Datetime in HAUSTORIUM/MARINA/(via Shareown?)/MUTANT BROTH or other corporate solutions STARGATE ROADMAP iteration 7-10 (corporate framework, native viewing, CMS, convergence)
Experiment Convergence 3 Con v. 17 Ability to view collected items with reports that have been written from them - MOONRAKER (assume this would be done using the source record for reports) STARGATE ROADMAP iteration 7-10 (corporate framework, native viewing, CMS, convergence)
Refine Convergence 3 Con v. 19 Be able to launch queries in other SIGINT systems from within EndPoint e.g. Send identified selectors to events tools STARGATE ROADMAP iteration 2
LOOKING GLASS
Experiment Convergence 3 Conv.20 Carbon Rod - show me a man in the middle between this End Point network and this website. (Vulnerability MUGSHOT
STARGATE (Machine survey/summarv component)

assessment) STARGATE (Network visualisation)
STARGATE (network summary pluqin)
HIGH NOTE (CNE TD tools!
NAC Network Visualisation work
Experiment Convergence 3 Conv.21 If the network contains wireless bridges, show me pictures of where that RF has been seen). Having the ability to connect STARGATE (Network visualisation)
NAC Network Visualisation work
Experiment Convergence 3 Knowledge Base. Feed BROAD Hoak and other summarisation tools. ■ STARGATE ROADMAP iteration 7-10 (corporate framework, native viewing, CMS, convergence)
STARGATE (Endpoint data characterisation)
Experiment Convergence 3 Conv.25 Link out to (mirrored) open source resources such as Web / Wiki - look up machine / hardware info E.g. This MAC GOLDEN EYE 2
■ HIGH NOTE (CNE TD tools)
Experiment Convergence 3 Conv.26 ifleraSaiffWySfirieciPBiBi® fflfSflttaMBflUnd router configs, in relation to your network - noting any outbound traceroutes that cross an EREPO access. STARGATE (Task management component)
HIGH NOTE (CNE TD tools)
STARGATE (Network visualisation)
Refine Query 1 Qry.01 Result summaries - users need to be able to see results and reflne/summarlse the dataset prior to launching further anallytics/viewing formats. Also histogram, count, filter Migrate STARGATE plugins to LOOKING GLASS
STARGATE (Graphical guerv enqine)
LOOKING GLASS
Refine Query 1 Qry.02 ^(1i?T’ilil^itllffirP##lfc|9yfi^94Ntifijding time, using Boolean expressions. Migrate STARGATE plugins to LOOKING GLASS
CNE metadata into the CMS
STARGATE (Graphical guerv enqine)
LOOKING GLASS
Experiment Query 1 Qry.03 Query using Indexed values from files (indexed remotely or locally) with ability to apply Boolean logic, including foreign ROCK OPERA remote indexinq
UDAQ2
Refine Query 1 Qry.04 ipSy4gfet^H%66rara%f the CNE datastore ‘target user * machine/folder ‘time * most recently viewed files STARGATE (Graphical query engine)
Refine Query 1 Qry.06 Save queries STARGATE (collaboration components)
STARGATE (Graphical guerv engine)
Refine Query 1 Qry.07 Tag-based searching: tags are given to items that fit the description e.g. "yahoo", "voip" (similar to fingerprints In X- Keyscore). Ability to compile 'common1 tag-based searches. Essential to the knowledge sharing process and corresponding use at
Experiment Query 2 Qry.08 ‘ Show me what IP messaging clients have connected to, suggests new targets. Query on peer to peer connections .
Refine Query 2 Qry.09 Ability to add notes to items/machines/networks/projects to support collaboration, notes pushed up the chain. Click on a STARGATE (collaboration components)
LOOKING GLASS
Experiment Query 2 Qry.10 ftQ&lff&ffbiffl-MWtfffBr egress ('which boxes can 1 get >1MB files from?') STARGATE (Shopping basket full functionality)
EKB information

Refine Query 2 Qry.12 Import data from another source (eg 3rd party filelisting) - for example a CSV file into Eclipse GOLDEN EYE 2
Refine Query 2 Qry.13 □ Pull out all applications seen on a box / network ■ STARGATE (Machine survev/summarv component)
STARGATE (Endpoint data characterisation)
Experiment Query 2 Qry.14 pull out all selectors seen on a box / in docs * Telephone numbers, emails, passwords etc retrieved STARGATE (Summarisation)
STARGATE (Graphical query enqine)
Refine Query 2 Qry.16 machines / users / TDIs + latency & tip off ■ STARGATE (Graphical query engine)
STARGATE (Endpoint data characterisation)
Experiment Query 2 Qry.17 Ischedule queries on collected data STARGATE (Graphical query enqine)
Refine Query 2 Qry.18 Hshare queries STARGATE (collaboration components)
Experiment Query 3 Qry.19 BAbility to push data - i.e.' other people found this interesting'/ H'other people asked for this on this box' / 'query this to find ■ STARGATE (collaboration components)
STARGATE (Endpoint data characterisation)
Refine Query 3 Qry.21 H6SHe&teMiP0Li&iisaN retrieved yahoo data / encryption STARGATE (Graphical query enqine)
Refine Query 3 Qry.22 Other users Flagged items (see knowledge sharing) and star rating for items STARGATE (collaboration components)
Refine Query 3 Qry.23 Query operations by machine types / topic / technologies / common properties of operations, projects or machines STARGATE (Endpoint data characterisation)
STARGATE (Graphical query enqine)
Refine Query 2 Qry.24 The ability to track the unique number assigned to a thumb drive by computer and then correlate and map this to when that same thumb drive is used in a different computer.
Experiment Query 3 “ | Volumes of activity across networks * which boxes are used most often * which boxes do certain things? ■ STARGATE (Network visualisation)
STARGATE (Endpoint data characterisation)
STARGATE (Graphical query enqine)
NAC Network Visualisation work
Refine Tasking 1 Task.Ol By a specific file type ■ STARGATE
STARGATE (Endpoint data characterisation)
Refine Tasking 1 Task.02 By those most recently viewed or used ■ STARGATE
STARGATE (Endpoint data characterisation)
Refine Taskina 1 Task.03 directory listinas / file listinqs STARGATE
Refine Tasking 1 Task.04 images / documents as thumbnails only STARGATE (Thumbnail viewer)
STARGATE (Auto conversion of thumbnail files)
STARGATE
Experiment Tasking 1 Task.05 Inform analysts what is / is not possible on this box / network etc. * Document what plug ins are available and how they work. * What capabilities can be directly tasked by the analyst for the relevant box. E.g. remote indexing of a box STARGATE (Machine survev/summarv component)
STARGATE (network summary pluqin)
STARGATE (Shoppinq basket full functionality)
ROCK OPERA remote indexinq
HIGH NOTE (CNE TD tools)
MUGSHOT
Experiment Tasking 1 Task.06 : Tag-based tasking -'internet activity profile (e.g. usernames, passwords, B cookies, web browsing and more...) STARGATE (Endpoint data characterisation)
Experiment Tasking 1 Task.07 Need for rules (time/volume/file types), conflict resolution, permissions 1 STARGATE (Task management component)
EKB information
Refine Tasking 1 Task.lO Request individual files STARGATE (Manual authorisation tool)

STARGATE
Refine Tasking 1 Task. 11 Request network info e.g. traceroutes, ipconfig, arp - a, possible route -print, netmap STARGATE (Manual authorisation tool)
STARGATE (Network visualisation)
Experiment Tasking 1 Task.13 Mission management: within the EndPoint system - on file request, generate metrics / stats - TPA can use STARGATE (Chequerboard)
LOOKING GLASS
Refine Tasking 2 Task. 14 Access to cookie content. These are powerful sigint enablers, carrying selector and geolocation information amongst other stuff, so rank higher than other webbrowsing material. STARGATE
Experiment Tasking 2 Task.15 Taskinq by application e.q. "qet me all Skype files" STARGATE (Endpoint data characterisation)
Experiment Tasking 2 Task.16 Tasking by files containing a string / having particular hash values / image hash values STARGATE (Endpoint data characterisation)
Refine Taskinq 2 Task.17 #2Tasking bv files that have changed STARGATE (Endpoint data characterisation}
Experiment Tasking 2 Task.18 : Tasking by geo value - google earth, public ip profiles, machine identifiers. Z STARGATE (Endpoint data characterisation)
Evolved MUTANT BROTH
Experiment Tasking 2 Task.19 Tasking by type media content collection - IM/email text, voice, video, ... eg "get me all voice files" - STARGATE (Endpoint data characterisation)
Automated tasking
Refine Taskinq 2 Task.20 Taskinq by user / author STARGATE (Endpoint data characterisation)
Refine Taskinq 2 Task.22 keyloq requests - useful for passwords and the like STARGATE (key log viewer)
Refine Tasking 2 Task.26 request pings on IP addresses to determine equipment types. STARGATE (Manual authorisation tool)
HIGH NOTE (CNE TD tools)
MUGSHOT
Experiment Tasking 2 Task.28 Retrieve files based on text content- eg if the document has TOP SECRET in it, collect it, don't wait to be asked ROCK OPERA remote indexinq
STARGATE (Shopping basket full functionality)
Experiment Tasking 2 Task.29 STARGATE (Screenshot viewer)
STARGATE (Shoppinq basket full functionality)
Refine Tasking 2 Task.30 Tasking pre-End Point {queuing up tasking before the endpoint is ready) STARGATE (Manual authorisation tool)
Experiment Tasking 3 Task.33 Bulk tasking - ability to apply tasking parameters to the network / project; task a target set STARGATE (Manual authorisation tool)
TURBINE (mission applications)
ACNO mission management
Experiment Tasking 3 Task.34 Effects based tasking, for certain users e.g. ability to change registry, watermark files, or even destroy the box? STARGATE (Manual authorisation tool)
New CNE Effects tool
Experiment Tasking 3 Task.36 Task an End Point to send tipping to the EREPO system for collection on the active IP of the box. Put a beacon on this STARGATE (Manual authorisation tool)
STARGATE (Alerting Components)
Refine Viewer 1 View.Ol KSfitylSconfigure every function of the viewer, so that settings are saveable and shareable STARGATE (Collaboration components)
LOOKING GLASS
Experiment Viewer 1 View.02 ability to view content in foreign script (in the correct order) STARGATE ROADMAP iteration 8
UDAQ2
Experiment Viewer 1 View.03 Across networks we need to be able to distinguish between: * a computer on a network seen but not implanted at all * computers with first stage implants, second stage implants * second stage implants but not yet surveyed * looltod at bv an nnnlvot STARGATE (Network visualisation)
HIGH NOTE (CNE TD tools)
LUNAR HORNET (Support for implant visualisation)
NAC Network Visualisation work
ICTR (B13B) network mapping

Experiment Viewer 1 View.04 Analytics to produce a summary / profile page of a machine as a starting point for the analyst, like CIA QUINCY STARGATE (Machine survev/summarv component)
STARGATE (Cheauerboard)
Experiment Viewer 1 View.05 yht^9«dlrtPa^lpatfiSttaWmplants/make recommendations (show me paths with x hops) STARGATE (Network visualisation)
STARGATE (Network summary pluqin)
LUNAR HORNET (Support for implant visualisation)
Experiment Viewer 1 ” Visualise and physically / logically map target networks STARGATE (Network summary pluqin)
STARGATE (Network visualisation)
NAC Network Visualisation work
ICTR (B13B) network mapping
Refine Viewer 1 View.07 Machine properties: Domain - which domain(s) is the machine in? STARGATE (Machine survey/summary component)
Refine Viewer 1 View.08 1 Metadata for each file to Include file properties (author, last modified by, dates, length, hidden, password protected, STARGATE (Endpoint Data Characterisation)
ROCK OPERA remote indexinq
Refine Viewer 1 View.09 and a descriptor) STARGATE (Endpoint Data Characterisation)
Refine Viewer 1 View. 10 Machine properties: IP (public/private) include relevant passive access points _ STARGATE (Machine survey/summary component)
Experiment Viewer 1 View. 11 Model time aspects in visualisation & physical/logical mapping of target networks - ie as machines ■ STARGATE (Endpoint Data Characterisation)
STARGATE (Network visualisation)
Refine Viewer 1 View. 12 STARGATE (Machine survey/summary component)
Experiment Viewer 1 View. 14 see applications on a box. E.g. mail clients, messenger clients, Autocad, Google Earth, antivirus/network apps VPN.... "what apps on what box?". STARGATE (Machine survey/summary component)
Refine Viewer 1 View. 16 Show machine properties (note not 'implant' properties). Allow for the possibility of multiple implants on a single machine. STARGATE (Machine survey/summary component)
Experiment Viewer 1 " Show overall Project information on Op - who the target is, requirements, why the target is being worked, (e.g. Country/contextual stuff - CP - Dr Evil - henchman No 1) - summary of progress. - summary of SIGINT parameters (casenotations/sigad) - project lead and analysts who've registered an interest - linked to Machines under Op and network overview _ STARGATE (Task management component)
STARGATE (Machine survey/summary component)
STARGATE (Proiect/Op summary view)
FLAME CARPET 2
Eclipse drill down
BROADOAK
LOOKING GLASS
Experiment Viewer 1 View.21 Need for COIs, need to see current status of users compartments. Classification of current view. 1 STARGATE (Authorisation components, incl user management)
GOLDEN EYE 2
Refine Viewer 1 View.22 : Show results of content searches with paths for content ocation UDAQ2
Experiment Viewer 1 View.23 supported ability to view/ run native versions of non plain text material (office docs, jpegs, video etc ALSO registry data, system files, shortcuts.) STARGATE (registry viewer)
STARGATE ROADMAP iteration 8
FUME CUPBOARD

Experiment Viewer 1 View.24 tasking history - an ability to see the status of all files and the user's and others' current tasking Requested / Rejected / Accepted / Delivered, viewable over an individual machine/project/network/Sigintllser/SigintTeam/types of task/status etc etc (ie by any property of the tasking STARGATE (Task management component)
Experiment Viewer 1 View.25 ‘ Visualise file structures across different machines and browse through them. Dirwalks, file listings and other survey results to be included. Subtract what's the same (or what's different) STARGATE ROADMAP iteration 8
■ STARGATE (Graphical query enqine)
STARGATE (Endpoint Data Characterisation)
STARGATE (machine survey/summarv component)
refine Viewer 2 " ability to click on email account and look at associated web browsing {algorithm to sessionise web sessions to email accounts > user) I STARGATE (Endpoint Data Characterisation)
PASSIVE/ACTIVE convergence
Analytics
Refine Viewer 2 View.28 Ability to see who has viewed the network / project/ machine / individual files (including self!) LOOKING GLASS
UDAÇ2
Refine Viewer 2 View.29 An ability to add and amend comments to the machine and to label it with values as above. LOOKING GLASS
Refine Viewer 2 View.30 Applications installed and versions/settinqs STARGATE (Machine survey/summarv component)
Experiment Viewer 2 “ 1 Be able to graphically represent how a computer is communicating within the network, as well as outside. * Which ports are they using? * Are they transferring information via FTP? STARGATE (Network visualisation)
STARGATE (Network summary pluqin)
Converged analytics
STARGATE (Machine survey/summarv component)
Experiment Viewer 2 View.32 ~ * Are. they iisina Instant [Messaging applications ovei Capability ter compare machines across aproject/across CNE STARGATE (Machine survey/summarv component)
STARGATE (Endpoint Data Characterisation)
Refine Viewer 2 View.33 : click on email account to see other computers this account has been seen on in this particular network / other CNE ■ STARGATE (Endpoint Data Characterisation)
STARGATE (Network visualisation)
Experiment Viewer 2 View.34 i Mirks - different operations (eg NSA, EREPO, RUFFLE) may have access at different points of a network STARGATE (Network visualisation)
■ STARGATE (Network summary pluqin)
STARGATE (Endpoint Data Characterisation)
Refine Viewer 2 View.35 Connecting my network internal to external / CNE to Passive GLOBAL SURGE
Refine Viewer 2 View.36 Connection Logs to the network/internet, by type as well as time for machine & target (eg POP3 logon times, dialup connection times wifi ssids)
Refine Viewer 2 View.37 Display address book and signature values from apps on machine (eg outlook) STARGATE (E-mail visualisation)
Refine Viewer 2 View.38 Display messaging activity from IM clients ■ STARGATE (Endpoint Data Characterisation)
LOOKING GLASS
Refine Viewer 2 View.39 Compare machines across a project/CNE - files sent/received _
Experiment Viewer 2 View.40 find where the same values are present elsewhere (in metadata/content/other accesses) ■ STARGATE (Graphical query enqine)
STARGATE (Endpoint Data Characterisation)

Refine Viewer 2 View.42 highlight where specific application/app type files are stored (e.g. push out all Skype/Paltalk/MSN/Outlook files/communications files)
Refine Viewer 2 View.43 Implant type, installed plugins, and potential plugins (machine level view) EKB information
Refine Viewer 2 View.44 Latencies (traceroutes) HIGH NOTE (CNE TD tools)
STARGATE (Network visualisation)
NAC Network Visualisation work
Refine Viewer 2 View.45 list files on desktop
Refine Viewer 2 View.46 list of any identifiers found and where they were pulled from on the machine (eg. Rasphone.pbk) STARGATE (Machine survey/summarv component)
STARGATE (Endpoint Data Characterisation)
Refine Viewer 2 View.47 list of the Nethood Folder
Refine Viewer 2 View.48 list profiles/accounts on box
Refine Viewer 2 View.49 Log of implant callbacks JACKPOT
Experiment Viewer 2 View.50 model contact data (best merged with other accesses - see convergence) STARGATE (Endpoint Data Characterisation)
LOOKING GLASS
Experiment Viewer 2 View.52 _ model internet activity - cookie exchanges and other content as well as a metadata summary ■ STARGATE (Endpoint Data Characterisation)
User centric view
Activity modelling
Experiment Viewer 2 View.53 Model indexing of collected files on/across machines Entity extraction
Refine Viewer 2 View.54 msinfo command properties and similar. SLIPSTREAM
Forensics Implant
Refine Viewer 2 View.55 option to view only retrieved files and their location
Experiment Viewer 2 View.56 play back/ visualise user/machine/network activity (temporal modelling) STARGATE (Network visualisation)
STARGATE (Machine survey/summarv component)
LOOKING GLASS
Experiment Viewer 2 View.57 registry viewer analysis STARGATE (registry viewer)
STARGATE (Daredevil remote forensics plugin)
Refine Viewer 2 View.58 1 See a model of where value has been gained from similar machines (Amazon shopping model) - trend analysis ■ STARGATE (collaboration components)
STARGATE (Endpoint Data Characterisation)
Refine Viewer 2 View.59 See project lead and analysts who have registered an interest. Register an interest for self/section _ STARGATE (Endpoint Data Characterisation)
STARGATE (Alerting Components)
Refine Viewer 2 View.60 show machines accessed from other machines STARGATE (machine survey/summarv component)
Refine Viewer 2 View.61 Show where files have changed since being viewed. STARGATE (Cheguerboard)
Refine Viewer 2 View.62 show where recently opened/created documents are stored (color coding if file has changed since last accessed) STARGATE ROADMAP iteration 2
STARGATE (Graphical guerv enqine)
Refine Viewer 2 View.64 Machine properties: Type (Desktop/router/server/switch/wireless bridge/firewall/VSAT modem etc) STARGATE (Machine survey/summarv component)
■ STARGATE (Network visualisation)
STARGATE (Endpoint Data Characterisation)
NAC Network Visualisation work
Refine Viewer 2 View.65 user logs (who logged on when) STARGATE (machine survey/summarv component)
STARGATE (Endpoint Data Characterisation)
Activity profiling

Experiment Viewer 2 View.67 Visualise the status of CNE operations, based on information held within the End Point System. STARGATE (Chequerboard)
Experiment Viewer 3 View.68 ability to display 'pattern of life1 based on presence data, 'social' networks to overlay the physical and logical network. LOOKING GLASS
Refine Viewer 3 View.69 ability to synchronise data - ability to convert times on target data to Zulu/correcttime if settings on target box/network are wrong. '
Experiment Viewer 3 View.70 Ability to view collected items that have been reported and to label items as reported. LOOKING GLASS
Refine Viewer 3 View.71 click on email account / Instant Messaging account to see list of buddies ■ STARGATE (E-mail visualisation)
STARGATE (Endpoint Data Characterisation)
Refine Viewer 3 View.72 click on email account to see list of emails received / Subject / From: ■ STARGATE (E-mail visualisation)
STARGATE (Endpoint Data Characterisation)
Experiment Viewer 3 View.73 highlight files in suspicious places, eg This is supposed to be a system file but is in the wrong place. STARGATE (Machine survey/summary component)
STARGATE (Endpoint Data Characterisation)
Experiment Viewer 3 View.74| ¡highlight whether this is a valid 'system' file. Helpful in telling ¡analyst what is worth tasking. STARGATE (Endpoint Data Characterisation)
Refine Viewer 3 View.75 How access was gained (MITM, content based -with email used, QUANTUM etc) STARGATE (Machine survey/summary component)
Refine Viewer 3 View.76 links to glossary of CNE/TAO/other glossary, breakdown of plugin options and definitions D1.3 (support provision of STARGATE traininq)
LOOKING GLASS
Refine Viewer 3 View.77 list of email accounts to passwords ■ STARGATE (E-mail visualisation)
STARGATE (Endpoint Data Characterisation)
Refine Viewer 3 View.78 MAC/serial numbers & Equipment description - e.g. what is "box"? provide information on capability / what are OS properties STARGATE (Machine survey/summary component)
Refine Viewer 3 View.79 Radio properties of box (eg wifi or vsat modem) STARGATE (Machine survey/summary component)

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh