Up and Running with Intrigue-Core

Now that you have a running core instance, it’s time to kick the tires, so let’s create a project.

A project is a namespace for entities, tasks, and scans. It can be specific to an organization, an investigation, or just a set of related entities. We’ll name this one “just playing around”:

Once it’s created, click on the project to enter its namespace.

Now that we’ve created and selected this project, let’s run a single task. Tasks can be thought of as scripts, and they do stuff like look up DNS records, or scrape information from a web page.

As an example, let’s run a DNS Service Record Bruteforce, which will request specific types of DNS records, and create new entities for us. A couple of important points:

  1. Selecting a task in the interface will automatically filter the entities that can be provided… if a task can only take a DnsRecord, that’s all you’ll be able to select via the task runner.
  2. Selecting a task will also provide options (if available) to you in the interface. These will automatically display as soon as you select the task.
  3. “Machine” and “Iterations” are concepts that allow you to iteratively run tasks as new entities are discovered. For now, we’ll set these concepts aside and choose “None” for our iterations.

Go ahead and click “Run Task” to start:

Clicking “Run Task” will redirect you to the results page, and you’ll see that the page provides both a set of information about the task and a complete log. The most important thing on this page is the new entities we’ve just created. Notice that new DnsRecord, IpAddress and NetworkService entities are created and shown automatically. These are all entities that we can iterate further upon by clicking on them.

Let’s iterate on that first DnsRecord, sip.microsoft.com. Go ahead and click on it and you’ll be taken to the entity’s page.

On an entity’s page, you’ll see all of the details specific to it, as well as the ability to run a new task on the entity. Just like last time, the task runner populates only the tasks that will operate on a DnsRecord.

Let’s run an “Nmap Scan” task on this entity. Select the task and hit “Run Task”.

And just like that, we’re scanning that server, automatically parsing the results into new entities that we can interact with. Get the idea? Keep going, and see what you can discover!

Important Note! Many tasks will require an API key – which you configure in the “Configure” tab. Each listing has a handy link to the configuration, making it easy to provision an API key:

See: “Configuring Intrigue Core” for more details.

Don’t forget to check out the “Analysis” views, which show you a listing of all entities and a graph of all entities, respectively. (Graphs are generated on pageview, so you will need to refresh to see the generated graph.)

In addition, the graph has a HUD that can be used to navigate to the details when you find interesting features in the Graph view.

And that’s it for today. You now get the basic concepts of Intrigue and are ready to start discovering!

Have fun!

Please jump in the Support channel if you have trouble or want to learn more!