Researching the Chrome Extension Compromise Activity using Synapse

A discussion of our research and findings that differed from public reporting and the methodology and analytic choices behind them.

From Code Families to Software Ecosystems: Documenting Relationships Between Tools and Other Resources

Learn about how The Vertex Project creates software ecosystems to capture additional context about software.

Categorizing Software with Code Families

Our code family methodology provides a granular way to identify and track software based on shared source code.

More Than Malware Families: Retooling Our Approach to Tracking Software

Introducing The Vertex Project’s methodology for analyzing software beyond traditional malware family classifications.

Wi-Fi Network Analysis Using the WiGLE Power-Up

Three wireless access point research use cases showcase how to use the WiGLE Power-Up to discover, analyze, and track wireless networks of interest.

Guide to Synapse and Storm Resources

Resources for getting started, customizing your Workspace in Synapse Enterprise, and the Storm Query Language.

Merging Threat Clusters (Threat Clusters Part 2)

In this follow-on piece, we discuss when and how to combine overlapping clusters of threat activity.

Getting Set up with Synapse Power-Ups

Learn how to install, configure, and use Synapse Power-Ups to “supercharge” your analysis through using additional features and functionalities.

Getting Started with a Synapse Demo Instance

Resources to help you familiarize yourself with Synapse, navigate the UI, and perform basic analysis within your Synapse demo instance.

Investigating an Unfamiliar File with Synapse

A walk-through of how to add an indicator, query data sources for additional information, pivot to related indicators, and tag findings.

What is a Threat Cluster? (Threat Clusters Part 1)

An introduction to the concept of threat clustering to enhance insight into and tracking of activity.

Vertex Intel Sharing Community - FAQ

Introducing the Vertex Intel Sharing Community, where analysts can collaborate and share insights.

Using Spotlight Extractors for Arbitrary Data

Learn how to use extractors to ingest and handle diverse data formats when working in the Spotlight Tool.

Vertex Intel Sharing: Sinkhole Infrastructure Research

A collaborative research project within the Vertex Intel Sharing Community identifies sinkhole infrastructure.

Capturing Structured Data in Spotlight with the Table Extractor

Use the Spotlight Tool's table extractor feature to import structured data from blogs and reports.

Using the Synapse-Mitre-Attack Power-Up to Ask Questions of the MITRE ATT&CK Framework

Integrate the MITRE ATT&CK framework into Synapse Enterprise to query and map attack techniques.

From Group to Individual: Modeling InformNapalm’s Article on Sergey Morgachev of APT28

Learn how to represent and analyze data about both groups and individuals within Synapse Enterprise.

Tips and Tricks: Storm and the Synapse UI

Tips for using the Storm query language and navigating the Synapse Enterprise user interface.

Best Practices for Views and Layers

Leverage the Views and Layers architecture to manage data visibility and facilitate collaboration across analysts and teams.

Using Synapse to Investigate Suspected Credential Theft Activity

Read about how we used Synapse Enterprise to research and analyze probable credential theft activity.

Using the Vertex-Threat-Intel Power-Up Workflow

Streamline threat intelligence workflows with the Vertex Threat Intel Power-Up.

Leveraging DNS Suffix Data for Threat Clustering

Learn how to analyze DNS patterns to identify connections between malicious entities.

Analyzing Two of Russia's Military Intelligence Units with Synapse

Model and analyze complex organizational structures.

Analyzing a Suspected Russian Influence Operation with Synapse

Track and analyze information campaigns and their dissemination with Synapse Enterprise.

Using the Synapse-Twitter Power-Up to Ingest IOCs Shared via Twitter

Learn how to use the Synapse-Twitter Power-Up to monitor and collect data from social media.

Automating Power-Ups to Aid Data Ingest, Enrichment, and Analysis

Automated workflows incorporate Synapse Power-Ups to streamline data ingestion and enrichment, as well as analysis processes.

Vertex Tag Tree Overview

We discuss our approach to tag trees and share a starting set for teams to import and build off of.

Supercharge Your Analysis with Synapse Power-Ups

We introduce Synapse Power-Ups and showcase how to use them for different analytical scenarios.

Preserving Analysts’ Sanity by Automating Sinkhole Monitoring

Leverage Synapse Enterprise’s support for automation to reduce analysts’ manual workload.

Importing Data Doesn’t have to be hard: Transferring Structured Data at Scale with Csvtool

Learn how to import structured data at scale into a demo instance of Synapse Enterprise with the Csvtool.