Navigating the Report Panel in the New UI

Updated 6 days ago by Shimon Modi

Introduction

The primary goal of the report panel is to provide analysts with the most relevant context extracted from reports. The updated UI gives analysts a summary view of relevant details that have been extracted from the full report, shows additional details on extracted indicators (like sightings, last seen etc.), and lets them take intel management actions like whitelisting indicators.

Read more about the context panel release here

Access New UI

To access the new UI, click on a report, which will take you to the graph visualization view. On that page you will see a callout at the bottom. Click on the Try Now! button to switch to the new UI.

Layout

Above the report header, the Breadcrumb Trail is a convenient way to track the previous detail pages you've visited whilst navigating the constellation graph.

Clicking on a graph node will append it to the left hand side of the breadcrumb trail, allowing you to quickly go back to that node by clicking on its respective breadcrumb.


Metadata

The top section of the report shows the title, submission date, update date, and correlation count for that report.

If a report from a Closed Source or Open Source has a link to the original report, you will see it on the right side under the label SOURCE REPORT.

Full Report Data

You can view the full report content by clicking on the expand icon in the top right corner. This will show the complete raw text of the report content.

Summary

The report summary shows the most relevant extracted details in a tabular format. These will vary from source to source and could include details like risk or confidence score, actors associated, malware families associated, kill chain stages, relations reported etc. The goal is to display details that analysts would find most relevant to their analysis.

Summary tables are computed every hour and there could be a delay before they are available.
Summary tables are not available for all Closed Sources. You can find the list of all Closed Sources for which summary tables are available here.

Tags

Users can use custom text tags to associate with reports and indicators. Tags are limited to 32 characters.

Notes

You can read more about this feature here.

Extracted Indicators

This section will list all extracted indicators. The top bar will show the number of extracted indicators. From here you can use the search bar to find a specific indicator from the list. You can also whitelist any of the extracted indicators.

Extracted Indicator - Card Front Side

All extracted indicators are shown as individual information cards. The logo of the intelligence source will be displayed along with any risk score/confidence score/malicious score provided by the source. The type and value of the indicator are also shown. On the far right side you will see two controls: (1) the top control lets you flip the card to see its back side, and (2) the bottom control lets you find the indicator on the graph visualization.

Extracted Indicator - Card Back Side

The back side of each indicator card will display details of last seen, number of sightings, and number of user generated notes for that indicator. On the far right side you will see the same two controls described above.

We will be making continual updates to our UX, and we welcome questions and feedback on improvements. Please don’t hesitate to send us a quick note here.

