Dashboard

Updated 7 months ago by Sachit Soni

Introduction

Upon logging into the platform users will see the above Dashboard view, which immediately highlights the most current trends, insights, and report analytics.

This aids the user with three objectives:

  1. Download IOCs from Enclave reports that have the most relevant context.
  2. Identify Enclave reports that have the highest number of correlations with Community reports.
  3. Use Community Trends as a launch point for threat hunting.

 Enclave Insights

This main dashboard section includes enclave specific insights, including your most correlated enclave reports, the enclave reports most correlated with the TruSTAR community, and the most correlated enclave IOCs.

Each sub-panel contains specific enrichment relevant to your enclave. Hover over the info icons to learn more or click any item to begin a detailed investigation.

  • The Internal Enrichment panel lists reports from your Enclave that have the most correlations with other reports in the Enclave, effectively telling you which of your own cases have the recurring context that would be important.
  • The Community Enrichment panel lists reports from your Enclave that has the most correlations with reports in the TruSTAR Community, effectively telling you which reports have the most context with publicly shared threat data.
  • The Relevant IOCs panel lists indicators from your Enclave reports that have the most correlations.
Note: If you belong to multiple Enclaves, you can view Insights for a specific Enclave by selecting it from the dropdown list in this zone.

 Report Submissions

Zone 2 displays Submission Activity for both you, the individual user, and total activity in your Enclave. You can also view the report submission breakdown by channel, such as Station frontend, email ingest or API integrations.

 Community Trends

Zone 3 shows you trending information from the TruSTAR Community in 3 different ways.

  • The Trending IOCs panel shows the top five indicators that are being reported most often in the TruSTAR Community.
  • The Trending Malware panel shows the top five malware families that are being reported most often in the TruSTAR Community.
  • The Trending Vulnerabilities panel shows the top five CVEs from the Community.

Time Range

For each zone, you can select the time range that you are most interested in. The default time range is 7 days.


How Did We Do?