The Viewing Insight Threat Categories tab offers a detailed explanation of the Insight Threat Categories feature. It covers various aspects and functionalities of threat categories, including an overview of insights, the definition of threat categories, priority notifications, the option to share and export insight reports, the ability to research threats using Dossier, a comments section, and the capability to view and edit insights.
Image: A detailed view of the SOC Insights - Viewing Insight Threat Categories dashboard used for managing SOC insights. The Viewing Insight Threat Categories dashboard is designed to provide cybersecurity professionals with a clear and concise overview of potential threats, including details such as the threat level, description, and the ability to take further actions like sharing or exporting the information. The dashboard categorizes and prioritizes threats to aid in the management and response to cybersecurity incidents.
The Dashboard
Insight Summary: The Insight Summary includes a brief description of the Insight including the type of threat associated with the insight.
Threat Categories Definition: Threat categories show the feeds used to detect a threat as well as its threat level.
Priority Notification: The priority rating card displays the following information about the Insight:
- Priority: The Insight's priority level (High, Medium, Low, or Info).
- Date and time: The Insight's date and time of first detection and for its most recent detection. All times are adjusted to the local time zone.
Copy Insight: Click
to copy the insight to the clipboard.
Edit insight: Click
to change the status of an insight. nThe Insight Change Status window will appear. In the window, you can change the Insight status from Insight Open to Insight Close or Insight Close to Insight Open by toggling the status switch. Optionally, you can leave a comment in the text field at the time of the status change. Finally, you can read prior comments associated with the Insight. Click Save & Close to complete the Insight status change. Do note that the Save & Close button will not be accessible (it will be grayed out) until such time a status change has been made for the Insight.
: Click Share & Export to share a selected Insight within your organization. The Share Insight window will appear, allowing you to choose any or all information associated with an Insight. Raw logs can be downloaded in zip format while the Summary can be downloaded as a PDF by clicking Download.
Threat Category Panel: The threat category panel provides information about an Insight. The threat category panel displays the following information:
- Threat Indicator Category: Threat categories include phishing, malware, as well as other supported categories.
- Indicator(s) of Compromise: The record of indicators of compromise associated with an Insight. Clicking the link opens the Indicators pane. The Indicators pane displays information about the indicatpor(s) of compromise along with a link to the Insight's Dossier Summary report.
- Feed Source: The name of the feed where the Insight was first detected.
- Comments: Infoblox Cybersecurity comments related to the Insight.
Expand/Close: Click
to expand the details panel where you can view detailed information associated with the selected Insight. Click
to close the details panel.
You can also do the following on the page:
Background Tasks: Click
to open the side panel to view a list of all running background tasks. Search: Click
in the Search text box, then enter your search criterion. - Pagination Controls: At the bottom left, there are controls for navigating through different pages of insights, indicating that there is more data available beyond what is displayed on the current page. Click on the number of insight records to display on the page. The options include, 25, 50, or 100.
- Click <Back to Console of Insights to return to the Open Insights console.