
The Viewing Closed Insights - Threats View page provides functionality and workflows similar to the Open tab, allowing users to view and manage closed insights. It displays information about closed insights, including priority level, status action/notification, last observation date and time, and a brief description of the insight. Users can investigate closed insights, view IDS settings, close services or policies associated with the insight, and access recommendations for security policy optimization. The page also includes features such as filtering, selecting multiple insights, and expanding/collapsing the details pane.

The Threats view is displayed by default on the dashboard page but users can toggle between Threats and Configuration views. The Insight Settings pane allows assigning actions to Insight types like "Nothing," "Add to Allow List," or "Add to Block List." Additionally, users can edit or close insights from this page.

The Threats view is displayed by default. To view the Configuration view, see the Threats View/Configuration View section on this page.

Image: A detailed view of the Closed Insights - Threats dashboard that provides information about "Closed Insights," which are security incidents or issues that have been resolved. The dashboard serves as a tool for cybersecurity professionals to review and manage previously identified and resolved security threats and configuration issues. It offers functionalities to organize, search, and review details about the resolved issues for data-keeping or analysis purposes.

The Dashboard

call-out A

Open/Closed: Click OPEN to view open insights. Click CLOSED to view closed Insights.

call-out B

Threats/Configurations View: The default page displays threat view information about insights observed on your network. The Threats view is displayed by default on the Insights dashboard page. Click Configuration to view configuration information for insights. Click on either Threats or Configuration to toggle between the two views. Note: The Threats and Configuration pages are available on a license basis.

call-out C

Insight Status: Click Insight Status > Move to Open after selecting one or more open insights. The moved insights will populate the Open Insights page.

You can confirm the status change of selected insights by verifying they have been moved to the Open Insights page.

call-out D

Expand All/Collapse All: Click Expand All to expand the details pane for all Insights. Conversely, click Collapse All to collapse the details pane. Alternatively, you can use the up/down arrows to open and close the details pane for an Insight. 

call-out E

Sort by: Click Sort by to see the list of Insights sorted by date, priority, or type.



call-out F

Search: Enter a search criterion in the Search text box. The Cloud Services Portal will show all records that match the criterion.

call-out G

Filtering: Click the open filter options icon to open and close the filtering panel. Click the view options icon to display the filter option drop-down menu.

From the drop-down menu, you can select specific filter attributes to search on. Filter query attributes include the following:

  • Type: The insight type.
  • Priority: The insight priority level. Filtering options include Critical, High, Medium, Low, or Info.
  • Feed Source: The insight feed source.
  • Category: The insight category.

Multiple filter types can be selected simultaneously. 


call-out H

Insight Settings: Click Insight Settings to open the Insight Settings pane. In the Insight Settings pane, actions can be assigned to Insight types. If the action for the same Insight type is changed multiple times within one hour, then after one hour, only the latest action updated in the database will be applied to all the events that occurred during the past hour. See the Insight Settings section for further information.




call-out I

Select All/Unselect All: Click Select all to select all insights. Alternatively, you can deselect all selected insights by clicking Deselect All.

call-out J

Details Pane (default and expanded view): The Details pane displays information about insights on your network. See the Details Pane section for further information.

call-out K

Investigate Insight: Click Investigate Insight to initiate an investigation and view the Insight Summary, Assets, Indicators, Event, Comments, and Threat Categories pages. Each page displays important information about insights detected on your network.

call-out L

Editing/Closing Insights: Click the three horizontal dots icon to move the selected insight to closed or to edit the selected insight.

Editing an Insight

To edit an Insight, do the following:

  1. Click the three horizontal dots icon, then click Edit Insight to begin the insight editing process.
  2. In the edit pane, toggle the insight Open switch to the left to close the insight. In the comments field, provide information as a closing comment for the insight.
  3. Click Save & Close.

Closing an Insight

To close an Insight, do the following:

  1. Click the three horizontal dots icon, then click Move to Closed Insight.

The selected insight will be moved to the Closed insight list.

call-out M

Expand/Close: Click the down-pointing arrow to expand the details panel where you can view detailed information associated with the selected Insight. Click the up-pointing arrow to close the details panel.

Threats and Configuration Views

The Threats view is displayed by default on the Insights dashboard page. Click Threats or Configuration to toggle between the two views. The Threats and Configuration pages are available on a license basis.

The Insight Threats view displays the following information associated with a selected Insight:

  • Priority: The priority level of the insight. 
  • Infoblox's Status Action/Notification: Provides information about the Insight along with recommended actions. If the action for the same Insight type is changed multiple times within one hour, then after one hour, only the latest action updated in the database will be applied to all the events that occurred during the past hour.
  • Last Observation: The time and date the insight was last detected on the network.
  • Description: A detailed description of the Insight.
  • Investigate Insight: Investigate multiple contributing factors for the reported Insight. 

The Insight Configuration view displays the following information associated with a selected Insight:

  • Priority: The priority level of the insight. Priority level
  • Last Observation: The time and date the insight was last detected on the network.
  • Investigate Insight: Investigate multiple contributing factors for the reported Insight.
  • View IDS: Allows you to view or investigate Insight settings.
  • Close Service or Policy: Allows you to close a service or policy associated with the Insight.
  • Insight Recommendations: Insight recommendations are based on best practices for security policies configuration and optimization.
  • Security Policy: Displays security policy optimization issues and errors.
  • View DFP Services: Displays DNS Failover Configuration check failed issues and errors.

 

Image: The Closed Insights dashboard page - Configuration view. The dashboard displays information about open insight records. 

The Configuration view displays the following information associated with a selected Insight:

call-out A

Priority: The insight priority level. Priority levels reported include Critical, High, Medium, Low, or Info.

call-out B

Status Action/Notification: The status/notification of the Insight along with recommended actions. If the action for the same Insight type is changed multiple times within one hour, then after one hour, only the latest action updated in the database will be applied to all the events that occurred during the past hour.

call-out C

Last Observation: The time and date the insight was last detected on the network. Additionally, information on the number of days the insight has been active on the network is provided. 

call-out D

View IDS: Click to view or investigate Insight settings.

call-out E

Click to close a service or policy the Insight is associated with. Alternatively, for the purposes of investigation, copy the link to share with others in your organization.

call-out F

Click the down-pointing arrow to open the details panel. Click the up-pointing arrow to close the details panel.

call-out G

Insight Recommendations: Insight recommendations are provided by the Infoblox Cybersecurity and threat investigation teams based on best practices for security policies configuration and security policy precedence and identified issues with security policy optimization.

  • Security Policy: For security policy optimization issues, you will be taken to the Security Policies page in the Cloud Services Portal (Policies > Security Policies). Security policy errors will be displayed in the Security Policy Needs Optimization pane. The Security Policy Needs Optimization pane displays the following information:
    • POLICY NAME: The name of the policy needing optimization. Note: Click on a policy name to navigate to the security policy needing attention in the Cloud Services Portal. 
    • POSSIBLE ERROR: A brief description of the potential error.
    • INSIGHT ID: The Insight's identification. 

  • View DFP Services: For DFP service optimization issues, you will be taken to the DNS Failover Configuration check failed pane in the Cloud Services Portal (Infrastructure > Services). DFP service errors will be displayed in the DNS Failover Configuration check failed pane. The DNS Failover Configuration check failed pane displays the following information:
    • SERVICE NAME: The name of the service needing optimization. Note: Click on a service name to navigate to the service needing attention in the Cloud Services Portal.
    • POSSIBLE ERROR: A brief description of the potential error.
    • INSIGHT ID: The Insight's identification. 

  • Investigate Insight: To investigate the selected insight, you will be taken to the Insight Summary page. 

call-out H

Status Action/Notification (detailed report): The detailed action notification identifies potential weaknesses and issues with your insight configuration and advises on how to remedy identified problems.

The Details Pane

The Closed Insights Details pane displays information associated with the selected Insight. The information includes priority level, insight type, last observation date and time, active days, definition, creation date, feed source, categorizations, and an interactive event chart.

Image: The Closed Insights - Threats View Details pane (normal view). The Details pane displays information about the selected insight.

The default Details pane displays the following information for the selected Insight. 

call-out A

Priority: The priority level of the insight. Priority levels reported include Critical, High, Medium, Low, or Info.

call-out B

Type: The insight type.

call-out C

Last Observation: The time and date the insight was last detected on the network. Additionally, information on the number of days the insight has been active on the network is provided. 

call-out D

Investigate Insight: Click Investigate Insight to be taken to the Summary page where an investigation of the insight begins. For information, see Viewing the Insight Summary.

call-out E

Click the three horizontal dots icon, then click Move to Open to close a selected insight, or click Edit to edit the selected insight. For information on editing an Insight, see the Edit Insight section.



call-out F

Click to expand the details pane.

Image: The Closed Insights - Threats View Details pane (expanded view). The Details pane displays information about the selected insight.

The expanded view for the Details pane displays the following information for the selected Insight. 

call-out A

Priority: The priority level of the insight.

call-out B

Type: The insight type.

call-out C

Last Observation: The time and date the insight was last detected on the network. Additionally, information on the number of days the insight has been active on the network is provided. 

call-out D

Investigate Insight: Click Investigate Insight to be taken to the Summary page where an investigation of the insight begins. For information, see Viewing the Insight Summary.  

call-out E

Click the three horizontal dots icon, then click Move to Close to close a selected insight, or click Edit to edit the selected insight. For information on editing an Insight, see the Edit Insight section.



call-out F

Click the up-pointing arrow to return to the details pane default view.

call-out G

Selecting insights: Place a check in the checkbox next to an open insight to select it. Once selected, click Insight Status, then click Move to Open to update and change the insight status.


call-out H

Event chart: An event chart visually displays the frequency and quantity of identified events occurring during the past 31 days in a columnar chart.

call-out I

Description: A brief definition of the documented Insight. 

call-out J

Creation Date: The insight's original time and date of creation.

call-out K

Feed Source: The unique threat indicator(s) associated with the threat, such as domain(s) or IP address(es).

Note

Recommended Threat Feed Missing notification
Infoblox recommends specific threat feeds to maintain optimal security. Receiving this notification means that one or more feeds is missing from an active policy. Hover over “Threat Feeds” for additional information.

call-out L

Categorizations: A list of all threat categories associated with the DNS queries on the network.

Insight Settings

In the Insight Settings pane you can assign each insight type an action.

Click Insight Settings to open the Insight Settings pane. In the Insight Settings pane, actions can be assigned to Insight types. See the Insight Settings section for further information. The types of Action options which can be applied include: Nothing, Add to Allow List, and Add to Block List. If the action for the same Insight type is changed multiple times within one hour, then after one hour, only the latest action updated in the database will be applied to all the events that occurred during the past hour.

Image: The Insight Settings panel displaying Insight Types and Actions. 

The types of Action options which can be applied include Nothing, Add to Allow List, and Add to Block List.

Editing Insights

To edit an Insight, do the following:

  1. Click the three horizontal dots icon, then click Edit Insight to begin the insight editing process.
  2. In the edit pane, toggle the insight Open switch to the left to close the insight. In the comments field, provide information as a closing comment for the insight.
  3. Click Save & Close.


You can also do the following on the page: 

  • Background Tasks: Click the hourglass icon to open the side panel to view a list of all running background tasks.
  • Search: Click the search icon in the Search text box, then enter your search criterion.
  • Pagination Controls: At the bottom left, there are controls for navigating through different pages of insights, indicating that there is more data available beyond what is displayed on the current page. Click on the number of insight records to display on the page. The options include 25, 50, or 100.


