The latest version of the Forensic Investigator app (version 1.1.8) is now available. We will only cover the three major changes in detail, but here is the full list of what changed:
- Added option to hide the MIR menus via the setup screen
- Added proxy support to setup screen
- Made vtLookup proxy aware
- Made vtLookup accept and use non-default API key
- Added CyberChef (En/Decoder -> CyberChef) - Big thanks to GCHQ for the awesome tool!
- Added ePO Connector to control McAfee ePolicy Orchestrator
  - Requires editing bin\epoconnector.py and adding the ePO IP, port, username, and password
1. CyberChef

The folks over at GCHQ created an awesome encoding/decoding tool called CyberChef, which is available here: https://gchq.github.io/CyberChef/. Even more impressive, it is a stand-alone, client-side HTML page released under the Apache License version 2.0. We integrated it into the Forensic Investigator app as a useful component that can be used even on closed networks. Huge thanks to the developers at GCHQ.
|CyberChef integrated into the Forensic Investigator App|
2. ePO Connector

The Forensic Investigator ePO connector can be used to integrate Splunk with McAfee ePolicy Orchestrator (ePO). This dashboard can task ePO via its API to do the following:
- Wake up
- Set tag
- Clear tag
|ePO connector feature|
3. Proxy Awareness

You spoke and we listened. The VirusTotal Lookup feature in the app is now proxy aware. If this feature works well, we will make the rest of the app proxy aware too. To enable the proxy settings, open the setup screen (Help -> Configure App) and enter the proxy settings shown in the screenshot.
We enjoy the feedback on the application, both good and bad, so please keep it coming. Let us know how you are using the application and how we can make it better. Enjoy. :-)