The Dashboard highlights the most current trends, insights, and Intel Report analytics.
From the Dashboard, you can select an Enclave and then perform these actions:
- Download Indicators from Intel Reports that have the most relevant context.
- Identify Intel Reports that have the highest number of correlations with Community Intel Reports.
- Use Community Trends as a launch point for threat hunting.
The top section of the Dashboard displays Enclave-specific insights. If you have multiple Enclaves, you can choose which Enclave to explore by choosing it from the Select Enclave dropdown list at the top of the Dashboard.
Each panel of the Dashboard contains specific enrichment relevant to your Enclave. You can hover over the info icons to learn more or click any item to begin a detailed investigation.
- The Internal Enrichment panel lists Intel Reports that have the most correlations with other reports in that Enclave. This shows which of your cases have recurring context.
- The Community Enrichment panel lists Intel Reports that has the most correlations with Intel Reports in the TruSTAR Community so that you can quickly see which reports have the most context with publicly shared threat data.
- The Relevant IOCs panel lists Indicators that have the most correlations.
This area displays reporting activity for both you and the selected Enclave. You can also view the Intel Report submission breakdown by how the information was submited, such as WebApp, email ingest, or API integrations.
The Community Trends area displays trending information from the TruSTAR Community in three different ways.
- Trending IOCs shows the top five Indicators reported most frequently.
- Trending Malware shows the top five malware families reported most often.
- Trending Vulnerabilities shows the top five CVEs reported.
For each section of the Dashboard, you can select the time range to use. The default time range is three days.