Investigation


Company Profile

Fortune 250 Manufacturing Company

Problem

Company suspects that field engineers are using company assets to perform non-sanctioned side-jobs. Investigators can’t access field engineers’ machines to examine log files without tipping them off, unless the machines are VPN’ed into the corporate network. Field engineers VPN in to get email, but disconnect before investigators can collect logs.


Solution

Heureka Interrogate can search, analyze and collect data from machines over any internet connection. While field engineers don’t connect to VPN often, they do establish regular internet connections and remain online. Heureka automatically collects log files from target machines as soon as they become available online. Investigators are able to covertly discover company asset misuse without notifying end-users.



Interrogate Workflow

Heureka's endpoint service runs in the background and will check for a search/collect request regardless of geographic location. The endpoint simply needs an internet connection to receive a command from Interrogate. For this use case, you will simply need to create a search looking for a specific file type.

NOTE: Because Heureka's endpoint indexer can be customized to any folder on the file system, it is possible to tune the index to point only to the desired log file location, thus greatly speeding up the indexing and the return of information to Interrogate.

Interrogate's search feature allows you to define both endpoints and specific file names or extensions to search for.

  1. Create a Job and Search in Interrogate.
  2. Select the desired endpoints you would like to search.
  3. For this use case, we are looking for specific extensions and have created an extension group with ".log" and ".txt" as the search types.
  4. Select "Search" and enter a name for the search.

Analyze

Once the endpoint(s) begin to stream results back to your search result page, you will see file-level information such as File Name, Risk Score, Tags, File Path, etc., in the Grid Results area.

Take Action

You may export your returned results using the "Export to CSV" function. This flat-file CSV can then be imported to any desired analytics program for further analysis. If you are required to collect the files to a new location, use the "Collect Files" function.