The Viewing Closed Insights - Threats View page provides functionality and workflows similar to the Open tab, allowing users to view and manage closed insights. It displays information about closed insights, including priority level, status action/notification, last observation date and time, and a brief description of the insight. Users can investigate closed insights, view IDS settings, close services or policies associated with the insight, and access recommendations for security policy optimization. The page also includes features such as filtering, selecting multiple insights, expanding/collapsing the details pane.
The Threats view is displayed by default on the dashboard page but users can toggle between Threats and Configuration views. The Insight Settings pane allows assigning actions to Insight types like "Nothing," "Add to Allow List," or "Add to Block List." Additionally, users can edit or close insights from this page.
The Threats view is displayed by default. To view the Configuration view, see the Threats View/Configuration View section on this page.
Image: A detailed view of the Closed Insights - Threats dashboard that provides information about "Closed Insights," which are security incidents or issues that have been resolved. The dashboard serves as a tool for cybersecurity professionals to review and manage previously identified and resolved security threats and configuration issues. It offers functionalities to organize, search, and review details about the resolved issues for data-keeping or analysis purposes.
The Dashboard
Open/Closed: Click OPEN to view open insights. Click CLOSED top view closed Insights.
...
Insight Status: Click Insight Status > Move to Open after selecting one or more open insights. The moved insights will populate the Open Insights page.
Image: The Insight Status menu displaying the Move to Open option.
You can confirm the status change of selected insights by verifying hey have been moved to the Closed Insight page.
...
Sort by: Click Sort by to see the list of Insights sorted by date, priority, or type.
Image: The Sort by menu displaying the drop-down options.
Search: Enter a search criterion in the Search text box. The Cloud Services Infoblox Portal will show all records that match the criterion.
Filtering: Click the filter icon to open and close the filtering panel. Clickthe add icon to display the filter option drop-down menu.
From the drop-down menu, you can select specific filter attributes to run search on. Filter query attributes include the following:
...
Multiple filter types can be selected simultaneously.
Image: The Filter Type menu options.
Insight Settings: Click Insight Settings to open the Insight Settings pane. In the Insight Settings pane, actions can be assigned to Insight types. If the action for the same Insight type is changed multiple times within one hour, then after one hour, only the latest action updated in the database will be applied to all the events that occurred during the past hour. See the Insight Settings section for further information.
...
Sort by: Click Sort by to see the list of Insights sorted by date, priority, or type.
Image: The Sort by menu displaying the drop-down options.
Select All/Unselect All: Click Select all to select all insights. Alternatively, you can deselect all selected insights by clicking Deselect All.
...
- To edit an Insight, do the following:
- Click the three horizontal dots icon followed by clicking Edit Insight to begin the insight editing process.
Image: The Edit Insight menu displaying the drop-down options. - In the edit pane, toggle the insight Open switch to the left to close the insight. In the comments field, provide information as a closing comment for the insight.
Image: The Edit Insight window. - Click Save & Close.
Closing an Insight
- To close an Insight, do the following:
- Click on the three horizontal dots icon followed by clicking Move to Closed Insight.
Image: The Close Insight window.
The selected insight will be moved to the Closed insight list.
...
The Threats view is displayed by default on the Insights dashboard page. Click Threats or Configuration to toggle between the two views. The Threats and Configuration pages are available on a license basis.
The Insight Threats view displays the following information associated with a selected Insight:
- Priority: The priority level of the insight.
- Infoblox's Status Action/Notification: Provides information about the Insight along with recommended actions. If the action for the same Insight type is changed multiple times within one hour, then after one hour, only the latest action updated in the database will be applied to all the events that occurred during the past hour.
- Last Observation: The time and date the insight was last detected on the network.
- Description: A detailed description of the Insight.
- Investigate Insight: Investigate multiple contributing factors for the reported Insight.
The Insight Configuration view displays the following information associated with a selected Insight:
- Priority: The priority level of the insight. Priorty level
- Last Observation: The time and date the insight was last detected on the network.
- Investigate Insight: Investigate multiple contributing factors for the reported Insight.
- View IDS: Allows you to view or investigate Insight settings.
- Close Service or Policy: Allows you to close a service or policy associated with the Insight.
- Insight Recommendations: Insight recommendations are based on best practices for security policies configuration and optimization.
- Security Policy: Displays security policy optimization issues and errors.
- View DFP Services: Displays DNS Failover Configuration check failed issues and errors.
Image: The Closed Insights dashboard page - Configuration view. The dashboard displays information about open insight records.
...
Click the down-pointng arrow icon to open the details panel Click the up-pointng arrow icon to close the details panel.
Insight Recommendations: Insight recommndations are provided by the Infoblox Cybersecurity anf threat investigation teams based on best practices for security policies configuration and security policy precedence and identified issues with security policy optimization.
- Security Policy: For security policy optimization issues, you will be taken to the Security Policies page in the Cloud Services the Infoblox Portal (Policies > Security PoliciesConfigure > Services Deployment > Protocol Service). Security policy errors will be displayed in the Security Policy Needs Optimization pane. The Security Policy Needs Optimization pane displays the following information:
- POLICY NAME: The name of the policy needing optimization. Note: Click on a policy name to navigate to the security policy needing attention in the Cloud Services the Infoblox Portal.
- POSSIBLE ERROR: A brief description of the potential error.
- INSIGHT ID: The Insight's identification.
...
- View DFP Services: For DFP service optimization issues, you will be taken to the DNS Failover Configuration check failed pane in the Cloud Services the Infoblox Portal (Infrastructure > ServicesConfigure > Service Deployment > Protocol Service ). DFP service errors will be displayed in the DNS Failover Configuration check failed pane. The DNS Failover Configuration check failed pane displays the following information:
- SERVICE NAME: The name of the service needing optimization. Note: Click on a service name to navigate to the service needing attention in the Cloud Services the Infoblox Portal.
- POSSIBLE ERROR: A brief description of the potential error.
- INSIGHT ID: The Insight's identification.
...
Background Tasks: Click the hourglass icon to open the side panel to view a list of all running background tasks.
- Search: Clickthe search icon in the Search text box, then enter your search criterion.
- Pagination Controls: At the bottom left, there are controls for navigating through different pages of insights, indicating that there is more data available beyond what is displayed on the current page. Click on the number of insight records to display on the page. The options include, 25, 50, or 100.