3 (+1) Pulsedive Utilities For Every Security Analyst

Behind every investigation, there are numerous necessary steps for data collection, transformation, and import/export. While some workflows can be entirely automated (the dream), analysts and researchers still find themselves repeating tedious tasks over and over. Soul-crushingly manual tasks like extracting indicators or removing individual brackets from indicator names. That's why we developed these built-in utilities: to provide efficient shortcuts to get the data you need, in the form you want.

1. Effortlessly Parse Indicator Lists

Where: Indicator Queue in Pulsedive Analyze (https://pulsedive.com/analyze/)

What: Collect, upload, edit, parse, preview, and download a formatted list of indicators. Plain text and CSV files supported. Bonus - process them in bulk and export your enriched results, too.

Why: Gathering all sorts of formats, a mix of fanged/defanged indicators, and indicator types can get messy. Many tools won't accept different formats, which means more manual editing. Use this handy function built into our interface to gather and format your list. Extract IPs, or domains and URLs, or any other combination. Add and adjust parsing exclusions as needed. Check out changes live in the "Queue" preview, then download and be merry.

2. Decode *All* The Things

Where: Pulsedive Toolbox, found in Pulsedive Community and Enterprise - it's right on our navigation bar.

What: Support data analysis with convenient utilities for encoding and decoding base64 and URI strings, pretty-printing JSON data, and testing regular expressions.

Why: The toolbox is handy way to decipher, manipulate, and parse out interesting nuggets of information during your investigation, without needing to open yet another tab. Our toolbox, particularly the "magic decode" button, helps analysts easily identify what they're looking for. Need something a little more sophisticated? We conveniently linked GCHQ's CyberChef in the toolbox, so you can cook up all sorts of more complex recipes. Plus, Pulsedive doesn't see or save any of the toolbox input - it is 100% client-side code. Decode away!

3. Safe Indicator Handling (...Or Not, It's Your Choice!)

Where: Indicator copy-paste on all Indicator pages, e.g. https://pulsedive.com/indicator/pulsedive.com

What: One-click copy a de-fanged or fanged indicator.

Why: While it sounds simple enough, it can be a serious nuisance when analysts need a specific format for a report and enrichment platforms only offer one. That's why we give you the option of copying either format you choose - de-fanged/sanitized or fanged/un-sanitized. For user safety, the defanged copy is the more obvious default one.

+1 Pro Bonus: All-in-One 3rd Party Enrichment

Where: 3rd party enrichment and reference URLs on all Indicator pages for Pro subscribers, e.g. https://pulsedive.com/indicator/?iid=443392

What: In addition to the one-click or auto-fetch enrichment from VirusTotal, Shodan, and AbuseIPDB, hit Expand to grab reference URLs to go straight to the (3rd party) source. The integration modal also displays summary and raw responses for ease of review.

Why: As much as the industry strives to chase the "single pane of glass" vision, sometimes it's easier to go to the source or continue triage in a specific UI. That's why we embedded the reference URL - so you can stay focused on the task and avoid more window-opening, copying, and potential distractions.

Conclusion

From the very beginning, Pulsedive has been an analyst and practitioner-driven platform. A core pillar in our company philosophy is to "be frictionless" - which includes eliminating barriers that users face in their day-to-day responsibilities. We hope you find these utilities useful and would love to hear what else we can build into our products to simplify your everyday processes.

Interested in more not-so-hidden secrets in the Pulsedive Community Platform? Let us know at support@pulsedive.com.