Open Insights - Configurations provides information on your insight security settings and features, so that you can review and adjust them and keep your detection systems working at their optimum.

The "Viewing Open Insights - Configuration View" page provides comprehensive documentation on the Insights dashboard, its settings, and editing capabilities. The dashboard offers a detailed overview of threats and configurations observed on a network, including open insights, expiring insights, priority levels, active insights shown in a donut chart by threat type, and more. Users can monitor and manage detected threats from the Open Insights dashboard by closing them as needed. Additionally, the page allows toggling between the Threats and Configuration views and selecting multiple insights for further examination or action assignment.



Image: A detailed view of the Open Insights - Configuration dashboard with a focus on policy checks and configuration insights. The dashboard is designed to inform the user of various security policy issues that have been detected within their system, offering both a high-level overview and the ability to drill down into detailed recommendations and best practices for optimization and resolution. The dashboard assists users in enhancing their cybersecurity posture effectively.

The Dashboard


call-out A

Open/Closed: Click OPEN to view open insights. Click CLOSED to view closed Insights. 

...

Details Panel (default view): The default view of the Details panel displays the following information about insights on your network:

  • Priority: The priority level of the insight.
  • Status Action/Notification: Provides information about the Insight along with recommended actions. If the action for the same Insight type is changed multiple times within one hour, then after one hour, only the latest action updated in the database will be applied to all the events that occurred during the past hour.
  • Last Observation: The time and date the insight was last detected on the network.
  • Investigate Insight/View Policies/View DFP Services: Clicking the button associated with an insight allows the investigation or viewing of policies/services associated with the insight. 
  • View IDS: Allows you to view or investigate Insight settings.
  • Close Service or Policy: Allows you to close a service or policy associated with the Insight.

call-out H

Details Panel (expanded view): The expanded view of the details panel displays the following information associated with a selected Insight:

  • Priority: The priority level of the insight.  
  • Status Action/Notification: Provides information about the Insight along with recommended actions. If the action for the same Insight type is changed multiple times within one hour, then after one hour, only the latest action updated in the database will be applied to all the events that occurred during the past hour.
  • Last Observation: The time and date the insight was last detected on the network.
  • Investigate Insight/View Policies/View DFP Services: Click the associated link to do one of the following: 
    • Investigate Insight: Click Investigate Insight to investigate the selected insight. You will be taken to the Insight Summary page.
    • View Policies: For security policy optimization issues, you will be taken to the Security Policies page in the Infoblox Portal (Configuration > Security Policies). Security policy errors will be displayed in the Security Policy Needs Optimization pane. The Security Policy Needs Optimization pane displays the following information:
      • POLICY NAME: The name of the policy needing optimization. Note: Click on a policy name to navigate to the security policy needing attention in the Infoblox Portal. 
      • POSSIBLE ERROR: A brief description of the potential error.
      • INSIGHT ID: The Insight's identification. 

...

  • View DFP Services: For DFP service optimization issues, you will be taken to the DNS Failover Configuration check failed pane in the Infoblox Portal (Configure > Service Deployment > Protocol Service). DFP service errors will be displayed in the DNS Failover Configuration check failed pane. The DNS Failover Configuration check failed pane displays the following information:
    • SERVICE NAME: The name of the service needing optimization. Note: Click on a service name to navigate to the service needing attention in the Infoblox Portal.
    • POSSIBLE ERROR: A brief description of the potential error.
    • INSIGHT ID: The Insight's identification. 

 
Image: The DFP Services window.

  • View IDS: Allows you to view or investigate Insight settings.
  • Notifications: An Insight notification provides more thorough information about, and explanation of, the insight and the issues pertaining to it. An explanatory video guides you through the process of resolving any issues associated with the insight.
  • Close Service or Policy: Allows you to close a service or policy associated with the Insight.
  • Insight Recommendations: Insight recommendations are provided by the Infoblox cybersecurity and threat investigation teams, based on best practices for security policy configuration and security policy precedence, and on identified issues with security policy optimization.

...

  • Background Tasks: Click the hourglass icon to open the side panel and view a list of all running background tasks.

  • Search: Click the search icon in the Search text box, then enter your search criterion. 
  • Pagination Controls: At the bottom left, there are controls for navigating through different pages of insights, indicating that there is more data available beyond what is displayed on the current page. Click on the number of insight records to display on the page. The options are 25, 50, or 100.

Threat Feed Missing

If a threat feed is missing from your configuration, you will receive the following notification on the Configuration page. The notification will provide details about the missing feed.

To add the missing feed to your policy, click Investigate Insight to view additional information about the missing feed along with information on how to add it to your policy. It may take up to 24 hours for the system to reflect the updated feed configuration.


Threat Feed Missing Notification

Please note that after adding the missing feed to your configuration as indicated by a "Threat Feed Missing" notification, it may take up to 24 hours for the system to reflect the updated feed configuration, as Insight re-checks every 24 hours.

...