The Open Insights - Configuration view provides information on your Insights security settings and features, allowing you to review and adjust them so that your detection systems keep working at their optimum.

The "Viewing Open Insights - Configuration View" page provides comprehensive documentation on the Insights dashboard, its settings, and editing capabilities. The dashboard offers a detailed overview of threats and configurations observed on a network, including open insights, expiring insights, priority levels, active insights with a donut chart visualization based on threat types, and more. Users can monitor and manage detected threats from the Open Insights dashboard, closing them as needed. Additionally, the page allows for toggling between the Threats and Configuration views and for selecting multiple insights for further examination or action assignment.


Image: A detailed view of the Open Insights - Configuration dashboard with a focus on policy checks and configuration insights. The dashboard is designed to inform the user of various security policy issues that have been detected within their system, offering both a high-level overview and the ability to drill down into detailed recommendations and best practices for optimization and resolution. The dashboard assists users in enhancing their cybersecurity posture effectively.

The Dashboard


call-out A

Open/Closed: Click OPEN to view open insights. Click CLOSED to view closed Insights. 

call-out B

Threats/Configurations View: The default page displays threat view information about insights observed on your network. The Threats view is displayed by default on the Insights dashboard page. Click Configuration to view configuration information for insights. Click on either Threats or Configuration to toggle between the two views. Note: The Threats and Configuration pages are available on a license basis.

call-out C

Expand All/Collapse All: Click Expand All to expand the details panel for all Insights. Conversely, click Collapse All to collapse the details panel. See the Details Panel section for further information. 

call-out D

Select All/Deselect All: Click Select All to select all insights. You can deselect all selected insights by clicking Deselect All. Alternatively, you can select multiple insights by placing a check in the checkbox next to the insight or insights you are interested in examining further.

call-out E

View Policies: Click View Policies to go to the Security Policy page. On the Security Policy page, you can view security policies associated with the insight.

call-out F

Insight Settings: Click Insight Settings to open the Insight Settings pane. In the Insight Settings pane, actions can be assigned to Insight types. If the action for the same Insight type is changed multiple times within one hour, then after one hour, only the latest action updated in the database will be applied to all the events that occurred during the past hour. See the Insight Settings section for further information.

call-out G

Details Panel (default view): The default view of the Details panel displays the following information about insights on your network:

  • Priority: The priority level of the insight.
  • Status Action/Notification: Provides information about the Insight along with recommended actions. If the action for the same Insight type is changed multiple times within one hour, then after one hour, only the latest action updated in the database will be applied to all the events that occurred during the past hour.
  • Last Observation: The time and date the insight was last detected on the network.
  • Investigate Insight/View Policies/View DFP Services: Clicking the button associated with an insight allows the investigation or viewing of policies/services associated with the insight. 
  • View IDS: Allows you to view or investigate Insight settings.
  • Close Service or Policy: Allows you to close a service or policy associated with the Insight.

call-out H

Details Panel (expanded view): The expanded view of the details panel displays the following information associated with a selected Insight:

  • Priority: The priority level of the insight.  
  • Status Action/Notification: Provides information about the Insight along with recommended actions. If the action for the same Insight type is changed multiple times within one hour, then after one hour, only the latest action updated in the database will be applied to all the events that occurred during the past hour.
  • Last Observation: The time and date the insight was last detected on the network.
  • Investigate Insight/View Policies/View DFP Services: Click the associated link to do one of the following: 
    • Investigate Insight: Click Investigate Insight to investigate the selected insight. You will be taken to the Insight Summary page.
    • View Policies: For security policy optimization issues, you will be taken to the Security Policies page in the Infoblox Portal (Configuration > Security Policies). Security policy errors will be displayed in the Security Policy Needs Optimization pane. The Security Policy Needs Optimization pane displays the following information:
      • POLICY NAME: The name of the policy needing optimization. Note: Click on a policy name to navigate to the security policy needing attention in the Infoblox Portal. 
      • POSSIBLE ERROR: A brief description of the potential error.
      • INSIGHT ID: The Insight's identification. 

The Policy Check information posted in the SOC Insight report is sent to the security policy affected. To view the security policy for a selected Policy Check report, click the View Policies link located in the Our Recommendation section of the Policy Check report. 


Image: The Security Policy Optimization window. 


  • View DFP Services: For DFP service optimization issues, you will be taken to the DNS Failover Configuration check failed pane in the Infoblox Portal (Configure > Service Deployment > Protocol Service). DFP service errors will be displayed in the DNS Failover Configuration check failed pane. The DNS Failover Configuration check failed pane displays the following information:
    • SERVICE NAME: The name of the service needing optimization. Note: Click on a service name to navigate to the service needing attention in the Infoblox Portal.
    • POSSIBLE ERROR: A brief description of the potential error.
    • INSIGHT ID: The Insight's identification. 

 
Image: The DFP Services window.

  • View IDS: Allows you to view or investigate Insight settings.
  • Notifications: Insight notifications provide more thorough information about, and an explanation of, the insight and the issues pertaining to it. An explanatory video will guide you through the process of resolving any issues associated with the insight.
  • Close Service or Policy: Allows you to close a service or policy associated with the Insight.
  • Insight Recommendations: Insight recommendations are provided by the Infoblox cybersecurity and threat investigation teams based on best practices for security policy configuration and security policy precedence, and on identified issues with security policy optimization.

call-out I

Click the three horizontal dots icon to close a service or policy associated with the Insight. Alternatively, for the purposes of investigation, copy the link to share with others in your organization.

call-out J

Expand/Close: Click the down-pointing arrow icon to expand the details panel where you can view detailed information associated with the selected Insight. Click the up-pointing arrow icon to close the details panel.

You can also do the following on the page: 

  • Background Tasks: Click the hourglass icon to open the side panel to view a list of all running background tasks.

  • Search: Click the search icon in the Search text box, then enter your search criterion. 
  • Pagination Controls: At the bottom left, there are controls for navigating through different pages of insights, indicating that there is more data available beyond what is displayed on the current page. Click on the number of insight records to display on the page. The options are 25, 50, or 100.

Threat Feed Missing

If a threat feed is missing from your configuration, you will receive the following notification on the Configuration page. The notification will provide details about the missing feed. To add the missing feed to your policy, click Investigate Insight to view additional information about the missing feed along with information on how to add it to your policy. It may take up to 24 hours for the system to reflect the updated feed configuration.

Issue

Threat Feed Missing Notification

Please note that after adding the missing feed to your configuration as indicated by a "Threat Feed Missing" notification, it may take up to 24 hours for the system to reflect the updated feed configuration, as Insight re-checks every 24 hours.

