The Viewing Open Insights - Threats View page covers the Dashboard, Insight Settings, Threats View/Configuration View, and the Details Panel. The Insights dashboard provides information on threats and configurations observed on a network, displaying open insights, expiring insights during the week, medium to critical priority insights, active insights with a donut chart based on threat types and more. It assists in monitoring and managing detected threats while allowing for sorting and searching of insights. Additionally, it enables cybersecurity professionals to monitor, analyze, and respond to threats in real-time. The page also includes details about Insight Settings which allow actions to be assigned to different types of Insights for managing security policies when specific insight types are detected.

The Threats view is displayed by default but can be toggled with the Configuration view, depending on license availability. It displays the priority level of an insight along with recommended actions, if available, as well as the last observation date and time, among other details associated with the selected Insight.

Image: A detailed view of the Open Insights - Threats View dashboard, which provides a comprehensive view of network security threats and insights. The interface is divided into several sections with various functionalities. The dashboard provides sophisticated tools that enable cybersecurity professionals to monitor, analyze, and respond to threats in real-time. It is designed to provide a quick overview while also allowing for in-depth analysis and immediate action to protect against security threats.

The Dashboard

call-out A

Open/Closed: Click OPEN to view open insights. Click CLOSED to view closed Insights.

...

  • Threat Types: The threat types observed on your network during the current reporting period. 
  • Threat Levels: The threat levels observed on your network during the current reporting period. 
  • Timeline: The number of events and devices observed during the past 24-hour and one-week time spans.
  • Scanned Major Threats: The results of the scan of your network for major threats.
  • Most Infected Devices: This report displays the following information acquired from any discoverable sources (Infoblox Endpoint, IP address, Metadata, etc.).
    • User: The username that is used to log into this device.
    • OS Version: The OS version that is currently running on the device.
    • Mac Address: The MAC address for the device.
    • Threat Families: The threat family class or classes observed on devices in the network. 

...

The Threats view is displayed by default on the Insights dashboard page. The Threats and Configuration pages are available on a license basis. 

The Insight Threats view displays the following information associated with a selected Insight:

  • Priority: The priority level of the insight. 
  • Infoblox's Action/Notification: Provides information about the Insight along with recommended actions. If the action for the same Insight type is changed multiple times within one hour, then after one hour, only the latest action updated in the database will be applied to all the events that occurred during the past hour.
  • Last Observation: The time and date the insight was last detected on the network.
  • Description: A detailed description of the Insight.
  • Investigate Insight: Investigate multiple contributing factors for the reported Insight. 

The Insight Configuration view displays the following information associated with a selected Insight:

  • Priority: The priority level of the insight.
  • Last Observation: The time and date the insight was last detected on the network.
  • Investigate Insight: Investigate multiple contributing factors for the reported Insight.
  • View IDS: Allows you to view or investigate Insight settings.
  • Close Service or Policy: Allows you to close a service or policy associated with the Insight.
  • Insight Recommendations: Insight recommendations are based on best practices for security policies configuration and optimization.
  • Security Policy: Displays security policy optimization issues and errors.
  • View DFP Services: Displays DNS Failover Configuration check failed issues and errors.

Image: The Open Insights dashboard page - Configuration view (normal view). The dashboard displays information about open insight records. 

...

Click the down-pointing arrow icon to open the details panel. Click the up-pointing arrow icon to close the details panel.

call-out G

Insight Recommendations: Insight recommendations are provided by the Infoblox Cybersecurity and threat investigation teams based on best practices for security policies configuration and security policy precedence and identified issues with security policy optimization.

...

  • View DFP Services: For DFP service optimization issues, you will be taken to the DNS Failover Configuration check failed pane in the Infoblox Portal (ConfigureInfrastructure > Services). DFP service errors will be displayed in the DNS Failover Configuration check failed pane. The DNS Failover Configuration check failed pane displays the following information:
    • SERVICE NAME: The name of the service needing optimization. Note: Click on a service name to navigate to the service needing attention in the Infoblox Portal.
    • POSSIBLE ERROR: A brief description of the potential error.
    • INSIGHT ID: The Insight's identification. 

...

Click the up-facing arrow icon to return to the details pane default view. 

call-out G

Selecting insights: Place a check in the checkbox next to an open insight to select it. Once selected, click Insight Status and then click Move to Closed to change the insight status to closed.

Image: The Insight Status drop-down menu option includes Move to Closed.

...

  • Background Tasks: Click the hourglass to open the side panel to view a list of all running background tasks.

  • Search: Click the search icon in the Search text box, then enter your search criterion. 

  • Pagination Controls: At the bottom left, there are controls for navigating through different pages of insights, indicating that there is more data available beyond what is displayed on the current page. Click on the number of insight records to display on the page. The options are 25, 50, or 100.