Using the Demo

Introduction

For a security professional, tracking down threats in your computing environment is a challenge, even for a small organization. Intel IT has developed an end-to-end, open-source solution to help security investigators more rapidly identify incidents that may be endangering your information assets. Proactive Investigator or Pro-I compiles and analyzes enormous amounts of data so investigators can quickly select suspicious incidents for deeper scrutiny.

This solution is now available as free software under a GPL (GNU Public License).

With the standalone demo, you can test drive Proactive Investigator from the point of view of the InfoSec Investigator or Security Analyst, going through the data of a fictional company. After completing the walkthrough, you can explore the data on your own, trying to find the threat in your midst!

Installation and Setup

Unzip the demo archive to C:\BIN\DEMO

This product requires SQL Server. To download SQL Server Express 2012, go to http://www.microsoft.com/en-us/download/details.aspx?id=29062

Local SQL Server Express Install
1) Run RestoreDemoDB.bat
2) When the restore job completes, start Proi_Investigator.exe

If you have SQL Server Management Studio, you can instead restore the database backup to a local or remote SQL Server instance:
1) Restore the database from backup http://msdn.microsoft.com/en-us/library/ms177429.aspx
2) Edit the ProI_Investigator.exe.config file to point to the database server you used for the restore.
Note: the Windows account you run the UI under must have a user in the restored database with at least the public role.
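The manual restore path above (restore the backup, give the UI account a database user, repoint the config) as one PowerShell script. This is an added example, not a script shipped with the Pro-I demo or written by its authors. The backup file name ProI_Demo.bak, the database name ProI_Demo, and the connectionStrings entry name "ProI" are assumptions; check the files in your unzipped demo folder and adjust them. It uses sqlcmd.exe, which installs with SQL Server Express, and the current Windows user as the UI account, so no SQL password is written into the config.

```powershell
# Added example, not part of the Pro-I demo package.
# Assumed (hypothetical) names; adjust to the files in C:\BIN\DEMO.
$Server   = ".\SQLEXPRESS"                      # target instance; a remote host works too
$Database = "ProI_Demo"                         # assumed name for the restored database
$Backup   = "C:\BIN\DEMO\ProI_Demo.bak"         # assumed backup file name
$UiUser   = "$env:USERDOMAIN\$env:USERNAME"     # Windows account that will run the UI
$Config   = "C:\BIN\DEMO\ProI_Investigator.exe.config"
$CsName   = "ProI"                              # assumed connectionStrings/add name

function Invoke-SqlFile([string]$Sql) {
    # Write the batch to a temp file and run it with Windows auth (-E);
    # -b makes sqlcmd return a non-zero exit code on any SQL error.
    $tmp = [System.IO.Path]::GetTempFileName() + ".sql"
    Set-Content -Path $tmp -Value $Sql -Encoding UTF8
    & sqlcmd.exe -S $Server -E -b -i $tmp
    $rc = $LASTEXITCODE
    Remove-Item $tmp -ErrorAction SilentlyContinue
    if ($rc -ne 0) { throw "sqlcmd failed with exit code $rc" }
}

# 1) Restore the backup (same as SSMS > Restore Database). If the data/log
#    paths stored in the backup do not exist on this host, run
#    RESTORE FILELISTONLY FROM DISK = N'...' and add WITH MOVE clauses.
Invoke-SqlFile @"
RESTORE DATABASE [$Database]
  FROM DISK = N'$Backup'
  WITH REPLACE, RECOVERY;
"@

# 2) Least privilege for the UI account: a login plus a database user.
#    Every database user is automatically a member of public, which is the
#    minimum the demo needs; do not add db_owner just to make it run.
Invoke-SqlFile @"
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'$UiUser')
    CREATE LOGIN [$UiUser] FROM WINDOWS;
USE [$Database];
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'$UiUser')
    CREATE USER [$UiUser] FOR LOGIN [$UiUser];
"@

# 3) Point the UI at the restored database using Windows authentication,
#    so the .exe.config holds no SQL credentials in plaintext.
[xml]$cfg = Get-Content -Path $Config -Raw
$cs = $cfg.configuration.connectionStrings.add | Where-Object { $_.name -eq $CsName }
if (-not $cs) { throw "No connectionStrings entry named '$CsName' in $Config" }
$cs.connectionString = "Data Source=$Server;Initial Catalog=$Database;Integrated Security=SSPI;"
$cfg.Save($Config)
Write-Host "Restored $Database on $Server and updated $Config for $UiUser"
```

Run it from an elevated PowerShell on the machine that hosts SQL Server (or with -S pointing at the remote instance, where the account running the script needs restore rights). If the views later fail with a permission error, grant SELECT on the specific schema to the UI user rather than widening its role.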

Walkthrough

Proactive Investigator consists of four views: Galaxy, Neighborhood, Drilldown, and Case Management. Case Management is not available in this version of the demo, but is part of the source code and binaries in the full version of the solution (all will be available on the CodePlex site).

To get started, double-click the executable. You will see a WPF application with a set of four tabs (one disabled). You can follow the walkthroughs below to get comfortable with the controls and purpose of each view.

Last edited Jun 5, 2012 at 8:17 PM by grant_babb, version 14

Comments

MITREjewels Sep 21, 2012 at 8:57 PM 
When I download the demo, there isn't a RestoreDemoDB.bat file included. Once unzipped, there is the Proi_Investigator.exe that can be clicked on and launched, but the demo does not run (just says "not responding"). No data is displayed in any of the tabs (galaxy, neighborhood, or drilldown) even after dates are selected and "all data" is clicked. Is there more detailed documentation you can provide? What am I missing?