Navigating the Report Panel in the New UI
The primary goal of the report panel is to provide analysts with the most relevant context extracted from reports. The updated UI gives analysts a summary view of relevant details that have been extracted from the full report, additional details on extracted indicators (like sightings, last seen etc.) and take intel management actions like whitelisting indicators.
Read more about the context panel release here
Access New UI
To access the new UI click on a report, which will take you to the graph visualization view. On that page you will see a callout in the bottom - click on theTry Now! button to switch to the new UI.
Above the report header, the Breadcrumb Trail is a convenient way to track the previous detail pages you've visited whilst navigating the constellation graph.
Clicking on a graph node will append it to the left hand side of the breadcrumb trail, allowing you to quickly go back to that node by clicking on its respective breadcrumb.
Watch it in action:
The top section of the report shows the title, submission date, update date, correlation count for that report.
Full Report Data
You can view the full report content by clicking on the expand icon in the top right corner. This will show the complete raw text of the report content.
The report summary shows a tabular format of the most relevant extracted details. These will vary from source to source and will could include details like risk or confidence score, actors associated, malware families associated, kill chain stages, relations reported etc. The goal is to display details that analysts would find most relevant to their analysis.
Users can use custom text tags to associate with reports and indicators. Tags are limited to 32 characters.
You can read more about this feature here.
This section will list all extracted indicators. The top bar will show the number of extracted indicators. From here you can use the search bar to find a specific indicator from the list. You can also whitelist any of the extracted indicators.
Extracted Indicator - Card Front Side
All extracted indicators are shown as individual information cards. The logo of the intelligence source will be displayed along with any risk score/confidence score/malicious score provided by the source. The type and value of the indicator is also shown. On the far right side you will see two controls (1) the top control lets you flip the card to see its backside (2) the bottom control lets you find the indicator on the graph visualization.
Extracted Indicator - Card Back Side
The back side of each indicator card will display details of last seen, number of sightings, and number of user generated notes for that indicator. On the far right side you will see the same two controls described above.
We will be making continual updates to our UX and your feedback and we welcome questions and feedback on improvements. Please don’t hesitate to send us a quick note here.