SOC Insights Overview


The SOC Insights Overview dashboard provides detailed information about SOC Insights. This dashboard displays only the SOC Insights data ingested via API. To view data ingested through the data connector (LEEF data), use the drill-down to Log Activity that is provided in all the panels.

The SOC Insights Overview dashboard has three filters, labeled “Time Range”, “Severity”, and “Insight Status”. The “Severity” and “Insight Status” filters are multiselect dropdowns. By default, the Time Range is “Last 24 Hours” and all other filters are set to “All”.

  • Insights by Severity: The “Insights by Severity” is a pie chart panel. It presents the count of each value of Severity of the SOC Insights.

  • Insights by Type: The “Insights by Type” is a pie chart panel. It presents the count of each value of Type of the SOC Insights.

  • Insights by Threat Family: The “Insights by Threat Family” is a pie chart panel. It presents the count of each value of threat family of the SOC Insights.

  • Insights by Threat Class: The “Insights by Threat Class” is a pie chart panel. It presents the count of each value of threat class of the SOC Insights.

  • Recent 1000 SOC Insights: The “Recent 1000 SOC Insights” is a table panel. It displays the details of the 1000 most recent SOC Insights within the selected Time Range.

The “Redirect to Infoblox” column of the “Recent 1000 SOC Insights” table panel contains a redirection link to the Infoblox portal.

To view Assets, Events, Indicators, and Comments, go to the last column of the “Recent 1000 SOC Insights” table panel. It contains four buttons named “Assets”, “Indicators”, “Events”, and “Comments”. Clicking a button opens Log Activity and displays the latest 2000 entries of the respective metadata.

SOC Insights Dashboard
