The Dashboard highlights the most current trends, insights, and report analytics. From the Dashboard, you can
- Download IOCs from Enclave reports that have the most relevant context.
- Identify Enclave reports that have the highest number of correlations with Community reports.
- Use Community Trends as a launch point for threat hunting.
The top section displays enclave-specific insights. If you have multiple enclaves, you can choose which enclave to explore by selecting it from the dropdown list in the upper right corner.
Each panel contains specific enrichment relevant to your enclave. You can hover over the info icons to learn more or click any item to begin a detailed investigation.
- The Internal Enrichment panel lists reports from the enclave that have the most correlations with other reports in that enclave. This shows which of your cases have recurring context.
- The Community Enrichment panel lists reports from the enclave that has the most correlations with reports in the TruSTAR Community so that you can quickly see which reports have the most context with publicly shared threat data.
- The Relevant IOCs panel lists IOCs from your enclave reports that have the most correlations.
The Report Submissions area displays reporting activity for both you and the selected enclave. You can also view the report submission breakdown by channel, such as Station frontend, email ingest or API integrations.
The Community Trends area displays trending information from the TruSTAR Community in three different ways.
- Trending IOCs shows the top five indicators reported most frequently by the TruSTAR Community.
- Trending Malware shows the top five malware families reported most often in the TruSTAR Community.
- Trending Vulnerabilities shows the top five CVEs from the TruSTAR Community.
For each section of the dashboard, you can select the time range to use. The default time range is three days.