January 12, 2023

Got RedEye?

PNNL researchers launch free visualization and reporting tool to mitigate cyber threats

Image of a RedEye code log file

RedEye is an open-source analytic tool developed by CISA and DOE’s Pacific Northwest National Laboratory to assist red teams with visualizing and reporting command and control activities.

(Screenshot courtesy of RedEye team)

RedEye is an open-source, analytical platform that gives users a way to assess and display complex data. The first-of-its-kind tool was created to improve the operations of red and blue teams by enabling them to make effective decisions in response to cybersecurity threats.

Researchers at Pacific Northwest National Laboratory (PNNL), in partnership with the Cybersecurity and Infrastructure Security Agency (CISA), released RedEye in October 2022.

Red teams versus blue teams

According to CISA, 47% of American adults have had their personal information exposed to cyber criminals. Consumers—worldwide—lose nearly $400 and more than 20 hours dealing with online crime every year.

To thwart potential cyber threats, enter red teams and blue teams. Essentially, red teams mimic potential cybersecurity attacks, while blue teams work to protect against those attacks. For years as these scenarios played out, there wasn’t an easy mechanism to track the red team’s steps to penetrate weaknesses in a network.

RedEye not only documents those steps but also communicates the results to the operations and management teams. Users have noticed the tool’s unique aspects: visualization of interactions, ease of use, and reporting functionality.

“Another element that makes RedEye unique is how it automatically parses red teams' log files from a campaign to create the visualization and reports,” said Austin Golding, PNNL software engineer and RedEye project lead. “Team members previously had to read hundreds of text log files and manually create reports from those.”

Forks and stars

Within a few months, RedEye has garnered more than 2,000 stars and nearly 200 forks. In GitHub language, stars represent users who have liked the repository and are showing appreciation for it. Forks represent users who want a copy of the repository or are planning to make contributions.

“We understood RedEye solved a problem space not fully covered by other solutions, but we weren’t expecting such a significant and positive response,” said Golding.

Community feedback

As a free, open-source tool, RedEye looks to contributors and users for critical input on improvements.

“Because it’s publicly released, it has become a collaboration between us (PNNL and CISA) and the greater community,” said Golding. “Now we have a much larger audience using the tool, providing feedback, and contributing directly to new features or bug fixes. It fundamentally changes how the project and team have to operate to continue to succeed.”

In 2023, new features are planned, which include a live parsing mode so users can follow a campaign as it’s being run rather than after, expanded graph and presentation customization C2 framework parsers, and additional requests from the community.

Other members of the project team at PNNL include Dan Best, cybersecurity analyst; Sebastian Ang, software engineer; James Bradford, UX designer; Courtney Carpenter, software engineer; Devan Farrell, software engineer; Shawn Hampton, software engineer; Huiqing Li, software engineer; and Brittany Pierson, software engineer.

Published: January 12, 2023