Raw Data

Raw Data is a way of uploading potentially useful information which can later be used for data mining efforts to extract new content for CRITs. This allows you to upload any blob of text from any source you wish. Some examples are:

Whitepapers
PDFs (copy/pasted text from the PDF)
Forums posts
Emails
Logs
News articles
Tool output

You can upload Raw Data by pasting the content or uploading it as a file. When you load Raw Data you can define:

Title: A title for this Raw Data.
Tool Name: The place or tool where this data came from.
Tool Version: A version of the tool if one is available.
Tool Details: Some information about the tool to help determine where this Raw Data came from.
Data Type: The type of the data contents. You can add Raw Data Types through the UI to uniquely define them for your organization based on how you'd like to track the data.
Description: A description of the Raw Data.

Once uploaded, you can go to the Details page and get a unique set of tools and utilities for working with the data:

Version: You can upload multiple versions of this Raw Data (in case the content is a work-in-progress).
Data: The actual Raw Data is broken out line-by-line in a display. Each line will allow you to highlight it (discussed below) or add an inline-comment about that line. Annotating the data this way allows multiple analysts to review and work with the data.
Highlights Tab: This tab shows all of the lines that have been highlighted by analysts. It will show you when it was highlighted, what line was highlighted, a date for that line if one can be determined, the contents of the line, and a place to make a specific comment about that data.
Raw Data Tab: A place to look at the data in Raw format with nothing in the way.
Versions Tab: Shows the different versions of this Raw Data. You can quickly view each version without changing a page and it also gives you a link to the Details page if you want to dive further. You can also view a diff between two versions of the Raw Data.

One service that was developed with Raw Data in mind is the DataMiner service. This service will look through the Raw Data and attempt to find any Domains, IPs, and Email addresses it contains. For each result it will show you if the value already exists in CRITs (with a link to that data). It also gives you a way to quickly add that value as an Indicator, or allows you to edit the value before submitting it. This service also happens to work on Samples (using the strings output).

Raw Data

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally