The Insight Assets tab provides a summary of insights and their details. It includes a summary of all assets associated with an Insight, which gives a brief description of the Insight along with its priority level and detection dates. The Assets tab also displays a priority rating card, showing the priority level of the insight. In the Assets tab, an insight status can be edited. The Share & Export feature allows users to share insights within their organization. The Assets tab also includes options to select and deselect asset records, collapse or expand all asset records, and view a report banner explaining the purpose of the Insight Assets report.


Image: A detailed view of the SOC Insights - Viewing Insight Assets dashboard used for managing SOC insights. The Viewing Insight Assets dashboard is designed to provide a detailed analysis of threats to cybersecurity analysts. It enables them to review and manage the affected assets, analyze the threat's impact, and take necessary actions.

The Dashboard

call-out A

Insight Summary: The Insight Summary includes a brief description of the Insight, including the type of threat associated with the insight.

call-out B

Priority Notification: The priority rating card displays the following information about the Insight:

  • Priority: The Insight's priority level (High, Medium, Low, or Info).
  • Date and time: The date and time of the Insight's first detection and of its most recent detection. All times are adjusted to the local time zone.

call-out C

Insight ID: Roll over the truncated Insight ID displayed on the page to view the full-length Insight ID number in a tooltip.


call-out D

Copy Insight: Click the copy icon to copy the insight to the clipboard.

call-out E

Edit insight: Click the edit icon to change the status of an insight. The Insight Change Status window will appear. In the window, you can change the Insight status from Insight Open to Insight Close or Insight Close to Insight Open by toggling the status switch. Optionally, you can leave a comment in the text field at the time of the status change. Finally, you can read prior comments associated with the Insight. Click Save & Close to complete the Insight status change. Note that the Save & Close button is not accessible (it is grayed out) until a status change has been made for the Insight.

Image: A detail view of the Edit window.

call-out F

Share & Export Options: Click Share & Export to share a selected Insight within your organization. The Share Insight window will appear, allowing you to choose any or all information associated with an Insight. Raw logs can be downloaded in zip format, while the Summary can be downloaded as a PDF by clicking Download.

Image: A detail view of the Share Insight window.

call-out G

Select/Unselect: Click Select All to select all Asset records. Alternatively, click Unselect All to deselect all selected Asset records. To select a specific record, place a check in the box associated with it.

call-out H

Collapse All / Expand All: Click Collapse All to collapse all records on the page. Click Expand All to expand all records on the page.

call-out I

Asset Chart: The interactive asset chart displays data about the asset, including the date and time the events occurred, the number of events detected at a specific date and time, and the total number of events detected.

call-out J

Search: Enter a search criterion in the Search text box. The Infoblox Portal will show all records that match the criterion.

call-out K

Filtering: Click the filter icon to open the filtering panel. In the filtering panel, you can filter by the following criteria:

  • Asset IP: The IP address associated with a protected asset or device that has been affected or associated with an Insight. It provides information about the IP address or addresses associated with the asset and the date range of the first observed detection and the most recent observed detection on the network.
  • MAC: The Media Access Control address. It is a unique identifier assigned to a network interface controller (NIC) for communication on a network. MAC addresses are used to identify and locate devices on a network. In Insightful Reporting, MAC addresses are associated with assets and can be used as a filtering criterion to analyze and monitor network activity. 
  • OS/Version: The operating system and its version that is associated with the events and insights being analyzed. It helps in understanding the specific environment and potential vulnerabilities that may be exploited by threat actors. Unfortunately, the specific OS/Version information is not provided in the available sources.
  • Action: If the action for the same Insight type is changed multiple times within one hour, then after one hour, only the latest action updated in the database will be applied to all the events that occurred during the past hour.

Image: A detail view of the Create Filter options window.

call-out L

Asset information: The asset information provided includes the following:

  • Asset IP: Click Asset IP to see information about the IP address, including the IP address or addresses associated with the asset and the Date range (first observed detection date and last observed detection date) associated with the IP address. 
    Image: A detail view of the IP addresses window.

  • User: The individual or entity associated with an asset or device that has been affected or associated with an Insight. It represents the user who is using or responsible for the asset or device. The User information provides insights into the individuals or entities involved in the security DNS events and helps in identifying potential threats and taking appropriate actions.
  • Operating System: The operating system and its version that is associated with the events and insights being analyzed. It helps in understanding the specific environment and potential vulnerabilities that may be exploited by threat actors. Unfortunately, the specific OS/Version information is not provided in the available sources.
  • First Observation: The date and time the indicator was first observed on the network.
  • Last Observation: The date and time of the last observation of the indicator on the network.
  • Asset Location: Click the location link to view the locations associated with the asset.
  • MAC: The MAC address associated with the asset.
  • OS/Version: Provides information about the OS and OS version associated with the asset.
  • Indicators: Click View All to see details about the indicator or indicators associated with the asset. The following information can be viewed:
    • INDICATOR: The name of the indicator associated with the asset.
    • ACTION: The type of action assigned to the asset. If the action for the same Insight type is changed multiple times within one hour, then after one hour, only the latest action updated in the database will be applied to all the events that occurred during the past hour.
    • RESEARCH IN DOSSIER: Click the Dossier link to view the Dossier Summary report associated with the Asset. For information on Dossier, see Dossier Threat Indicator Reports.

Image: A detail view of the Indicators window.

  • Threat Type: The category or classification of a threat based on the feeds used to detect it and its threat level. It provides information about the type of threat associated with an insight such as phishing, malware, or other supported categories.

call-out M

Total Assets: The number of assets associated with the insight. You can share and export the returned records or apply filters to display additional records. You can view the returned list of asset records by Most Active, Most Recent, or Not Blocked.

Known Issue

When Most Active or Most Recent filters are applied, the discovered assets will be sorted first, followed by the QIP assets.


call-out N

Observations: The insight's first and last observed dates and times.


call-out O

Sort by: Click Sort by to sort by date. Click the up/down arrows to sort ascending or descending.

Image: The Sort by options menu.

call-out P

Exporting Indicators/Adding Indicators to a Custom List:

  1. Click the three horizontal dots icon, then click one of the following options:
  2. Click Export to CSV to download the indicator record as a .csv file.
    Image: The Export options menu.


  3. Click Add Indicator(s) to Custom List.
  4. In the Add to Custom List window, you can select the custom list or lists to which the indicator or indicators are added. You can also remove indicators from a custom list or lists. Click Add to complete the Add to Custom List operation.
    Image: A detail view of the Add to Custom List window.

For information on Custom Lists, see Managing Custom Lists.



Expand/Close: Click the down-pointing arrow icon to expand the details panel where you can view detailed information associated with the selected Insight. Click the up-pointing arrow icon to close the details panel.

...

  • Background Tasks: Click the hourglass icon to open the side panel to view a list of all running background tasks.

  • Search: Click the search icon in the Search text box, then enter your search criterion. 

  • Pagination Controls: At the bottom left, there are controls for navigating through different pages of insights, indicating that there is more data available beyond what is displayed on the current page. Click the number of insight records to display on the page. The options include 25, 50, or 100.
  • Click <Back to Console of Insights to return to the Open Insights console.