The Inspector panel contains detailed information about one or more selected hosts. It is divided into several sections.
To view detailed information about a host, select the desired host within the topology, Inventory, or External Hosts section.
Selected Host
The Summary section contains a high-level overview of the host type and its corresponding metadata (IP address(es), MAC address(es), hostname(s)).
IPinfo/GreyNoise lookup
IPinfo is an IP address geolocation lookup that returns the geographic location, company name, domain, and company type (if applicable).
GreyNoise is a cybersecurity platform that collects and analyzes Internet-wide scan and attack traffic. It is integrated directly into Teleseer.
Upon selecting a host, the corresponding IPinfo and GreyNoise metadata will appear if present.
Host Info
The Host Info section contains detailed information about the host, such as manufacturer, form factor, operating system and version. If an analyst has prior knowledge about a host, they can add or edit the information within this section.
Host Tags
Tags are words or phrases that can be added to a host to help identify and find the host via the search text field.
Adding Tags
- Left-click on the desired host.
- Within the Inspector Panel, scroll down to the Tags section.
- Select the edit button.
- Enter the desired tag value.
- Select the Add button.
- Enter more tags if desired.
- Select the close button.
This host can now be searched for within the Network, Inventory, and Internet Hosts search text field.
Host Notes
Custom notes that users can add to a host and search for.
Host Hostnames
An aggregated table of hostnames existing on the selected host. The hostname, protocol, and domain are displayed for each hostname identified.
Network Interfaces
A host may have one or more network interfaces. An example would be a router containing multiple subnets with each subnet being on its own interface. Each interface detected will be displayed within this section. Each entry will have one or more of the following values: Name, MAC (address), IP (address).
If you have additional information about an interface, you may edit this section accordingly.
Apps
The DPI (Deep Packet Inspection) engines will do their best to identify applications running on a specific host. This section will display the information gathered from the DPI engines. Example values may be: Chrome v#, PBX v#, Safari v#, Thunderbird v#
CVEs
CVEs are publicly disclosed information about common vulnerabilities and exposures. If a host is identified as having a high CVE value, it's best to investigate this host further to determine if it has been or can be compromised.
The Teleseer application will do its best to identify hosts which may have a common vulnerability. When a host does contain a common vulnerability, the host will appear within the Topology in red.
Take a Desktop host for example. See below to learn how to differentiate between a desktop without any CVEs detected and a desktop with one or more common vulnerabilities detected.
CVE identifiers use the format CVE-YYYY-NNNN, where YYYY is the year and NNNN is 4 or more arbitrary digits that uniquely identify the CVE. See the following website for more information: https://www.cve.org/
CVEs displayed within the Inspector Panel will contain the name, a description, and a link to any relevant information.
CVE detection
The more specific the Asset Info is, the more refined the CVE list will be.
If an operating system does not contain service pack information, users may receive more CVEs than expected because the system will return all CVEs for the given OS version.
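The following sketch illustrates the two points above: the CVE identifier format, and why a host without service pack information gets a longer CVE list. It is an example added here, not Teleseer's own matching code; the `Advisory` and `Host` records, the `ExampleOS` name, and the placeholder CVE IDs are constructed for the illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# CVE-YYYY-NNNN: a four-digit year, then four or more digits.
CVE_ID = re.compile(r"CVE-(\d{4})-(\d{4,})")

@dataclass(frozen=True)
class Advisory:  # hypothetical record shape, assumed for this example
    cve_id: str
    os_name: str
    os_version: str
    service_packs: frozenset  # affected service packs; empty = every build

@dataclass(frozen=True)
class Host:  # hypothetical stand-in for a host's OS details
    os_name: str
    os_version: str
    service_pack: Optional[str] = None  # None = not recorded for this host

# Constructed sample data; the CVE IDs are placeholders, not real entries.
ADVISORIES = [
    Advisory("CVE-0000-0001", "ExampleOS", "10", frozenset({"SP1"})),
    Advisory("CVE-0000-0002", "ExampleOS", "10", frozenset({"SP1", "SP2"})),
    Advisory("CVE-0000-00003", "ExampleOS", "10", frozenset({"SP2"})),
    Advisory("CVE-0000-0004", "ExampleOS", "10", frozenset()),
    Advisory("CVE-0000-0005", "ExampleOS", "11", frozenset()),
]

def is_valid_cve_id(value: str) -> bool:
    """True when the whole string matches the CVE-YYYY-NNNN format."""
    return CVE_ID.fullmatch(value) is not None

def candidate_cves(host: Host, advisories=ADVISORIES) -> list:
    """Return the CVE IDs that may apply to the host, in advisory order."""
    hits = []
    for adv in advisories:
        if not is_valid_cve_id(adv.cve_id):
            continue  # skip malformed identifiers
        same_os = adv.os_name.lower() == host.os_name.lower()
        if not same_os or adv.os_version != host.os_version:
            continue
        # With no service pack recorded nothing can be ruled out, so every
        # advisory for this OS version stays in the list.
        sp_unknown = host.service_pack is None
        if sp_unknown or not adv.service_packs or host.service_pack in adv.service_packs:
            hits.append(adv.cve_id)
    return hits

if __name__ == "__main__":
    print(candidate_cves(Host("ExampleOS", "10")))         # service pack unknown
    print(candidate_cves(Host("ExampleOS", "10", "SP2")))  # service pack known
```
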
Connections
Selecting one or more blocks within the Timeline displays the Connections panel within the Inspector. This information includes source IP, destination IP, protocol, and bytes transferred.
To view all connections, click on the Show All button.