Pastelyzer – the paste analyzer – a tool improving daily operations at CERT.LV
As part of the project co-funded by European Commission (2017-LV-IA-0058) CERT.LV has developed a tool, that by being fully integrable within existing workflow, is improving daily operations for the incident response team in Latvia. It is deemed that in future this tool might become useful to other incident response teams in European countries and beyond.
What is paste and pastelyzer?
As the name of the tool indicates – Pastelyzer – The Paste Analyzer, the key element that the tool is operating with is paste – compromised data e.g. IP addresses, bank card numbers, e-mail addresses, passwords, etc. published by cybercriminals via thematic sites or cloud-service repositories. Cybercriminals frequently publish either samples of the compromised information or the full data sets.
Using Pastelyzer it is possible to identify and analyze the data in an automated manner thereby allowing swift actions to be taken to protect the internet users in Latvia.
CERT.LV regularly informs its’ constituency as well as internet users in Latvia regarding major data leaks or availability of compromised data online, always reminding to make sure that personal data or devices are safe.
How is Pastelyzer improving daily operations?
On a daily basis CERT.LV is monitoring data leaks online. “We are doing this to swiftly identify any data leaks containing Latvian IP addresses, bank card numbers, e-mail and social networking service information for us to inform the organizations and internet users in Latvia” explains Varis Teivāns deputy manager at CERT.LV “the amount of data is extensive, but resources dedicated for analysis – limited. For us to work more effectively we needed a tool that would allow identification and automated analysis of information relevant to Latvian IT space – this is how Pastelyzer came about”.
How and to whom can Pastelyzer be useful?
Even though the primary target users of the tool are the incident response teams, it is developed in a way that allows easy integration into workflow of any organization via an API – Application Programming Interface. To use Pastelyzer as another tool in your daily operations, a data set should be available that can be used as a base for selected artefact search and selection. “Pastelyzer is a tool, which identifies security related information in textual form. The tool is usable in both command-line interface as well as service application allowing storing documents and search information in the database. One of the characteristics that allows Pastelyzer to stand out from other tools is its’ ability to recognize and process also binary information in textual form” highlights Pastelyzer’s developer Jānis Džeriņš.
Where can I find information on Pastelyzer?
The work on further development of the Pastelyzer’s functionality as well on APIs is ongoing. You can find Pastelyzer together with user manual and installation guide online at: https://github.com/cert-lv/pastelyzer/. In case you have any questions or comments, feel free to get in touch with us via: cert.