The Viewing Closed Insights - Threats View page provides functionality and workflows similar to the Open tab, allowing users to view and manage closed insights. It displays information about closed insights, including priority level, status action/notification, last observation date and time, and a brief description of the insight. Users can investigate closed insights, view IDS settings, close services or policies associated with the insight, and access recommendations for security policy optimization. The page also includes features such as filtering, selecting multiple insights, expanding/collapsing the details pane.

The Threats view is displayed by default on the dashboard page but users can toggle between Threats and Configuration views. The Insight Settings pane allows assigning actions to Insight types like "Nothing," "Add to Allow List," or "Add to Block List." Additionally, users can edit or close insights from this page.

The Threats view is displayed by default. To view the Configuration view, see the Threats View/Configuration View section on this page.

Image: A detailed view of the Closed Insights - Threats dashboard that provides information about "Closed Insights," which are security incidents or issues that have been resolved. The dashboard serves as a tool for cybersecurity professionals to review and manage previously identified and resolved security threats and configuration issues. It offers functionalities to organize, search, and review details about the resolved issues for data-keeping or analysis purposes.

The Dashboard

Open/Closed: Click OPEN to view open insights. Click CLOSED top view closed Insights. 

...

Insight Status: Click Insight Status > Move to Open after selecting one or more open insights. The moved insights will populate the Open Insights page. 

Image Modified
Image: The Insight Status menu displaying the Move to Open option.

You can confirm the status change of selected insights by verifying hey have been moved to the Closed Insight page.

...

Sort by: Click Sort by to see the list of Insights sorted by date, priority, or type. 

Image Modified
Image: The Sort by menu displaying the drop-down options.

Search: Enter a search criterion in the Search text box. The Cloud Services Portal will show all records that match the criterion.

Image Modified

Filtering: Click Image RemovedClick the filter icon to open and close the filtering panel. ClickImage RemovedClickthe add icon to display the filter option drop-down menu.

Image Modified

Image: The Filtering menu displaying the Move to Open option.

From the drop-down menu, you can select specific filter attributes to run search on. Filter query attributes include the following:

...

Multiple filter types can be selected simultaneously. 
Image Modified
Image: The Filter Type menu options.

Insight Settings: Click Insight Settings to open the Insight Settings pane. In the Insight Settings pane, actions can be assigned to Insight types. If the action for the same Insight type is changed multiple times within one hour, then after one hour, only the latest action updated in the database will be applied to all the events that occurred during the past hour. See the Insight Settings section for further information.

...

Sort by: Click Sort by to see the list of Insights sorted by date, priority, or type. 

Image Modified
Image: The Sort by menu displaying the drop-down options.

Select All/Unselect All: Click Select all to select all insights. Alternatively, you can deselect all selected insights by clicking Deselect All. 

...

Editing/Closing Insights: Click Image Removedto the three horizontal dots iconto move the selected insight to closed or to edit the selected insight. 

...

1. To edit an Insight, do the following:
2. Click Image RemovedClick the three horizontal dots icon followed by clicking Edit Insight to begin the insight editing process. 
   Image Modified
   Image: The Edit Insight menu displaying the drop-down options.
   
   
3. In the edit pane, toggle the insight Open switch to the left to close the insight. In the comments field, provide information as a closing comment for the insight.  
   
   Image Modified
   Image: The Edit Insight window.
   
   
4. Click Save & Close. 

Closing an Insight

1. To close an Insight, do the following:
2. Click Image Removedon the three horizontal dots icon followed by clicking Move to Closed Insight. 

Image Modified
Image: The Close Insight window.

The selected insight will be moved to the Closed insight list.

Expand/Close: Click Image Removed the down-pointng arrow icon to expand the details panel where you can view detailed information associated with the selected Insight. Click Image Removedthe up-pointng arrow icon to close the details panel.

...

The Threats view is displayed by default on the Insights dashboard page. Click Threats or Configuration to toggle between the two views. The Threats and Configuration pages are available on a license basis.

The Insight Threats view displays the following information associated with a selected Insight:

• Priority: The priority level of the insight. 
• Infoblox's Status Action/Notification: Provides information about the Insight along with recommended actions. If the action for the same Insight type is changed multiple times within one hour, then after one hour, only the latest action updated in the database will be applied to all the events that occurred during the past hour.
• Last Observation: The time and date the insight was last detected on the network.
• Description: A detailed description of the Insight.
• Investigate Insight: Investigate multiple contributing factors for the reported Insight. 

The Insight Configuration view displays the following information associated with a selected Insight:

• Priority: The priority level of the insight. Priorty level 
• Last Observation: The time and date the insight was last detected on the network.
• Investigate Insight: Investigate multiple contributing factors for the reported Insight. 
• View IDS: Allows you to view or investigate Insight settings.
• Close Service or Policy: Allows you to close a service or policy associated with the Insight.
• Insight Recommendations: Insight recommendations are based on best practices for security policies configuration and optimization.
• Security Policy: Displays security policy optimization issues and errors.
• View DFP Services: Displays DNS Failover Configuration check failed issues and errors.

Image: The Closed Insights dashboard page - Configuration view. The dashboard displays information about open insight records. 

...

View IDS: Click View or Investigate to Insight settings. 

Click Image Removedthree horizontal dots icon to close a service or policy the Insight is associated with. Or for the purposes of investigation, copy the link to share with others in your organization.

Click Image RemovedClick the down-pointng arrow icon to open the details panel Click Image RemovedClick the up-pointng arrow icon to close the details panel. 

Image Modified

Insight Recommendations: Insight recommndations are provided by the Infoblox Cybersecurity anf threat investigation teams based on best practices for security policies configuration and security policy precedence and identified issues with security policy optimization. 

...

• View DFP Services: For DFP service optimization issues, you will be taken to the DNS Failover Configuration check failed pane in the Cloud Services Portal (Infrastructure > Services). DFP service errors will be displayed in the DNS Failover Configuration check failed pane. The DNS Failover Configuration check failed pane displays the following information:
  • SERVICE NAME: The name of the service needing optimization. Note: Click on a service name to navigate to the service needing attention in the Cloud Services Portal. 
  • POSSIBLE ERROR: A brief description of the potential error.
  • INSIGHT ID: The Insight's identification. 

...

Investigate Insight: Click Investigate Insight to be taken to the Summary page where an investigation of the insight begins. For information, see Viewing the Insight Summary. 

Click Image Removedon the three horizontal dots icon followed by clicking Move to Open to close a selected insight or click Edit to edit the selected insight. For information on editing an Insight, see the Edit Insight section.


Image: The Move to Open and Edit option. 

...

Investigate Insight: Click Investigate Insight to be taken to the Summary page where an investigation of the insight begins. For information, see Viewing the Insight Summary.  

Click Image Removedon the three horizontal dots icon followed by clicking Move to Close to close a selected insight, or click Edit to edit the selected insight. For information on editing an Insight, see the Edit Insight section.


Image: The Move to Closed and Edtt option. 

Click Image Removed to the up-pointng arrow icon to return to the details pane default view. 

...

Click Insight Settings to open the Insight Settings pane. In the Insight Settings pane, actions can be assigned to Insight types. See the Insight Settings section for further information. The types of Action options which can be applied include: Nothing, Add to Allow List, and Add to Block List. If the action for the same Insight type is changed multiple times within one hour, then after one hour, only the latest action updated in the database will be applied to all the events that occurred during the past hour.

Image Modified

Image: The Insight Settings panel displaying Insight Types and Actions.

The types of Action options which can be applied include Nothing, Add to Allow List, and Add to Block List.

Image Modified
Image: The Action menu displaying available options.

...

To edit an Insight, do the following:

1. Click Image Removedon the three horizontal dots icon followed by clicking Edit Insight to begin the insight editing process. 
   
   
   Image: The Move to Closed and Edtt option. 
   
   
2. in the edit pane, toggle the insight Open switch to the left to close the insight. In the comments field, provide information as a closing comment for the insight.  
   
3. Click Save & Close. 

...

You can also do the following on the page: 

• Background Tasks: Click  Image Removedthe hourglass icon to open the side panel to view a list of all running background tasks. 

• Search: ClickImage RemovedClickthe search icon in the Search text box, then enter your search criterion. 
• Pagination Controls: At the bottom left, there are controls for navigating through different pages of insights, indicating that there is more data available beyond what is displayed on the current page. Click on the number of insight records to display on the page. The options include, 25, 50, or 100.