Document toolboxDocument toolbox

Viewing Insight Threat Categories

Owned by Gary Leicht
Last updated: Sept 17, 2024
4 min read

The Viewing Insight Threat Categories tab offers a detailed explanation of the Insight Threat Categories feature. It covers various aspects and functionalities of threat categories, including an overview of insights, the definition of threat categories, priority notifications, the option to share and export insight reports, the ability to research threats using Dossier, a comments section, and the capability to view and edit insights.

A detailed view of the SOC Insights - Viewing Insight Threat Categories dashboard

Image: A detailed view of the SOC Insights - Viewing Insight Threat Categories dashboard used for managing SOC insights. The Viewing Insight Threat Categories dashboard is designed to provide cybersecurity professionals with a clear and concise overview of potential threats, including details such as the threat level, description, and the ability to take further actions like sharing or exporting the information. The dashboard categorizes and prioritizes threats to aid in the management and response to cybersecurity incidents.

The Dashboard


call-out A

Insight SummaryThe Insight Summary includes a brief description of the Insight including the type of threat associated with the insight. 

call-out B

Threat Categories Definition: Threat categories show the feeds used to detect a threat as well as its threat level.

call-out C

Priority Notification: The priority rating card displays the following information about the Insight:

  • Priority: The Insight's priority level (High, Medium, Low, or Info).
  • Date and time: The Insight's date and time of first detection and for its most recent detection. All times are adjusted to the local time zone.

call-out D


Insight ID: Roll over the truncated Insight ID displayed on the page to view the full-length Insight ID number in a tool tip.

call-out E

Copy Insight: Clickthe copy icon to copy the insight to the clipboard.

call-out F

Edit insight: Click the edit icon to change the status of an insight. nThe Insight Change Status window will appear. In the window, you can change the Insight status from Insight Open to Insight Close or Insight Close to Insight Open by toggling the status switch. Optionally, you can leave a comment in the text field at the time of the status change. Finally, you can read prior comments associated with the Insight. Click Save & Close to complete the Insight status change. Do note that the Save & Close button will not be accessible (it will be grayed out) until such time a status change has been made for the Insight.   
 
  Image: A detail view of the Edit Insight window. 

call-out G

Share & Export OptionsClick Share & Export to share a selected Insight within your organization. The Share Insight window will appear, allowing you to choose any or all information associated with an Insight. Raw logs can be downloaded in zip format while the Summary can be downloaded as a PDF by clicking Download

 
  Image: A detail view of the Share Insight window. 

call-out H

Threat Category Panel:  The threat category panel provides information about an Insight. The threat category panel displays the following information:

  • Threat Indicator Category: Threat categories include phishing, malware, as well as other supported categories.
  • Indicator(s) of Compromise: The record of indicators of compromise associated with an Insight. Clicking the link opens the Indicators pane. The Indicators pane displays information about the indicatpor(s) of compromise along with a link to the Insight's Dossier Summary report. 


  Image: A detail view of the Indicators window. 

  • Feed Source: The name of the feed where the Insight was first detected. 
  • Comments: Infoblox Cybersecurity comments related to the Insight. 

call-out I

Expand/CloseClick the down-pointing arrow icon to expand the details panel where you can view detailed information associated with the selected Insight. Click the up-pointing arrow icon to close the details panel.


You can also do the following on the page: 

  • Background TasksClick the hourglass icon to open the side panel to view a list of all running background tasks. 

  • Search: Click the search icon in the Search text box, then enter your search criterion. 

  • Pagination Controls: At the bottom left, there are controls for navigating through different pages of insights, indicating that there is more data available beyond what is displayed on the current page. Click on the number of insight records to display on the page. The options include, 25, 50, or 100.
  • Click <Back to Console of Insights to return to the Open Insights console.