SCOT – Sandia Cyber Omni Tracker

The Sandia Cyber Omni Tracker (SCOT) is a cyber security incident response management system and knowledge base. Designed by cyber security incident responders, SCOT provides a new approach to managing security alerts, analyzing data for deeper patterns, coordinating team efforts, and capturing team knowledge. SCOT integrates with existing security applications to provide a consistent, easy-to-use interface that enhances analyst effectiveness.

Incident response (IR) teams utilize many systems to detect, collect and analyze cyber security event data. These systems, while solving pieces of the puzzle, often fail to give the analyst a holistic view of what is happening and their team’s response to those events. Many systems do not have the flexibility to work with the IR processes to research and document those activities.

The framework's approach focuses on removing the friction between analysts and their tools: it enables analysts to document and share their research and response efforts. As a software suite that integrates data from detectors, analyses, and other information sources, it provides real-time updates of the team's work to keep the team informed and coordinated. SCOT automatically identifies indicators to help the analyst discover and respond to advanced threats.

Centralization of the data reduces the context switches needed to reach each detection system. Fusing detection data with the accumulated team knowledge allows the team to quickly discover that a new alert might be part of a larger campaign. In addition, SCOT automates and simplifies common analyst tasks to increase analysts' effectiveness by freeing them to concentrate on cyber security.
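The two capabilities described above, automatic indicator identification in alert text and fusing those indicators with what the team has already seen so that related alerts surface as one candidate campaign, can be sketched in a few dozen lines. The following is an added Python example, not SCOT's own code: the detector names, alert texts, indicator regexes and the `KnowledgeBase` class are all constructed for illustration, and the IPs, domain and hash are documentation or made-up values.

```python
import re
from collections import defaultdict

# Constructed sample alerts from hypothetical detectors (not real SCOT data).
# IPs are from RFC 5737 documentation ranges, the domain uses the reserved
# .example TLD, and the sha256 value is a made-up placeholder.
SAMPLE_ALERTS = [
    {"id": 101, "source": "ids",
     "text": "Outbound connection from ws-17 to 203.0.113.10:443 flagged as beacon"},
    {"id": 102, "source": "email-gw",
     "text": "Quarantined attachment invoice.pdf sha256 "
             "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef "
             "sender billing@update.mail.example"},
    {"id": 103, "source": "proxy",
     "text": "ws-42 resolved update.mail.example to 203.0.113.10"},
    {"id": 104, "source": "ids",
     "text": "Port scan from 198.51.100.7 against 10.0.0.0/24"},
]

# Deliberately simple indicator patterns; a production extractor would also
# handle defanged forms (hxxp, [.]), IPv6, URLs and more hash types.
IOC_PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "domain": re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.(?:com|net|org|example)\b", re.I),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.I),
}


def extract_indicators(text):
    """Return the set of (type, value) indicators found in free-form alert text."""
    found = set()
    for kind, pattern in IOC_PATTERNS.items():
        for match in pattern.findall(text):
            found.add((kind, match.lower()))
    return found


class KnowledgeBase:
    """Maps every indicator ever seen to the alert ids that mentioned it."""

    def __init__(self):
        self._by_indicator = defaultdict(set)  # (type, value) -> {alert_id}
        self._by_alert = {}                    # alert_id -> {(type, value)}

    def ingest(self, alert):
        """Index an alert's indicators and return them."""
        indicators = extract_indicators(alert["text"])
        self._by_alert[alert["id"]] = indicators
        for ioc in indicators:
            self._by_indicator[ioc].add(alert["id"])
        return indicators

    def related(self, alert_id):
        """Other alerts sharing at least one indicator, keyed by id -> shared indicators."""
        links = defaultdict(set)
        for ioc in self._by_alert.get(alert_id, ()):
            for other in self._by_indicator[ioc]:
                if other != alert_id:
                    links[other].add(ioc)
        return dict(links)


def campaigns(kb, alert_ids):
    """Connected components of the 'shares an indicator' graph: candidate campaigns."""
    seen, groups = set(), []
    for start in alert_ids:
        if start in seen:
            continue
        group, stack = set(), [start]
        while stack:
            current = stack.pop()
            if current in seen:
                continue
            seen.add(current)
            group.add(current)
            stack.extend(kb.related(current))
        groups.append(frozenset(group))
    return groups


if __name__ == "__main__":
    kb = KnowledgeBase()
    for alert in SAMPLE_ALERTS:
        print(alert["id"], alert["source"], sorted(kb.ingest(alert)))
    for group in campaigns(kb, [a["id"] for a in SAMPLE_ALERTS]):
        print("candidate campaign:", sorted(group))
```

Running it links the IDS beacon (101) and the proxy lookup (103) through the shared IP, and the quarantined e-mail (102) to the proxy lookup through the shared domain, so all three fall into one candidate campaign while the unrelated port scan (104) stays on its own. The same lookup is what lets an analyst opening a brand-new alert see, immediately, which earlier alerts and notes touched the same indicators.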

You can read more and download this tool over here: