Versions Compared

Old Version 2

changes.mady.by.user Gary Leicht

Saved on

compared with

New Version Current

changes.mady.by.user Gary Leicht

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The Viewing Insight Threat Categories tab offers a detailed explanation of the Insight Threat Categories feature. It covers various aspects and functionalities of threat categories, including an overview of insights, the definition of threat categories, priority notifications, the option to share and export insight reports, the ability to research threats using Dossier, a comments section, and the capability to view and edit insights.  

Image RemovedA detailed view of the SOC Insights - Viewing Insight Threat Categories dashboardImage Added

Image: A detailed view of the SOC Insights - Viewing Insight Threat Categories dashboard used for managing SOC insights. The Viewing Insight Threat Categories dashboard is designed to provide cybersecurity professionals with a clear and concise overview of potential threats, including details such as the threat level, description, and the ability to take further actions like sharing or exporting the information. The dashboard categorizes and prioritizes threats to aid in the management and response to cybersecurity incidents.

The Dashboard


call-out AImage Added

Image RemovedInsight SummaryThe Insight Summary includes a brief description of the Insight including the type of threat associated with the insight. 

Image Removedcall-out BImage Added

Threat Categories Definition: Threat categories show the feeds used to detect a threat as well as its threat level.

call-out CImage Added

Image RemovedPriority Notification: The priority rating card displays the following information about the Insight:

  • Priority: The Insight's priority level (High, Medium, Low, or Info).
  • Date and time: The Insight's date and time of first detection and for its most recent detection. All times are adjusted to the local time zone.

Image Removedcall-out DImage Added


Insight ID:   Roll over the truncated Insight ID displayed on the page to view the full-length Insight ID number in a tool tip.

call-out EImage Added

Image RemovedCopy Insight: ClickImage RemovedClickthe copy icon to copy the insight to the clipboard.

call-out FImage Added

Image RemovedEdit insight: Click Image RemovedClick the edit icon to change the status of an insight. nThe Insight Change Status window will appear. In the window, you can change the Insight status from Insight Open to Insight Close or Insight Close to Insight Open by toggling the status switch. Optionally, you can leave a comment in the text field at the time of the status change. Finally, you can read prior comments associated with the Insight. Click Save & Close to complete the Insight status change. Do note that the Save & Close button will not be accessible (it will be grayed out) until such time a status change has been made for the Insight.   
Image Removed   Image RemovedImage Added 
  Image: A detail view of the Edit Insight window. 

call-out GImage Added

Share & Export OptionsClick Share & Export to share a selected Insight within your organization. The Share Insight window will appear, allowing you to choose any or all information associated with an Insight. Raw logs can be downloaded in zip format while the Summary can be downloaded as a PDF by clicking Download. 

Image Added 
Image Removed  Image: A detail view of the Share Insight window. 

Image Removedcall-out HImage Added

Threat Category Panel:  The threat category panel provides information about an Insight. The threat category panel displays the following information:

  • Threat Indicator Category: Threat categories include phishing, malware, as well as other supported categories.
  • Indicator(s) of Compromise: The record of indicators of compromise associated with an Insight. Clicking the link opens the Indicators pane. The Indicators pane displays information about the indicatpor(s) of compromise along with a link to the Insight's Dossier Summary report. 

Image RemovedImage Added
  Image: A detail view of the Indicators window. 

  • Feed Source: The name of the feed where the Insight was first detected. 
  • Comments: Infoblox Cybersecurity comments related to the Insight. 

call-out IImage Added

Image RemovedExpand/CloseClick Image RemovedClick the down-pointing arrow icon to expand the details panel where you can view detailed information associated with the selected Insight. Click Image Removed the up-pointing arrow icon to close the details panel.


You can also do the following on the page: 

  • Background TasksClick Image RemovedClick the hourglass icon to open the side panel to view a list of all running background tasks. 

  • Search: Click Image Removed the search icon in the Search text box, then enter your search criterion. 

  • Pagination Controls: At the bottom left, there are controls for navigating through different pages of insights, indicating that there is more data available beyond what is displayed on the current page. Click on the number of insight records to display on the page. The options include, 25, 50, or 100.
  • Click <Back to Console of Insights to return to the Open Insights console.