The Explore screen lets you easily navigate through the latest reports and instantly access meta information like the number of IOCs extracted, excerpts of report content, correlation counts, time of submission, and other relevant high-level information. All results are sorted in chronological order, and there are new filters to help you refine your search results based on all available sources for enrichment and tags.
When you click on a report of interest, you will be taken to the Analysis screen with link analysis visualization. To reduce distraction, our graph visualization now has its own panel with updated controls for manipulating the visualization. You can drill down on analyses, filter out irrelevant nodes, and adjust the timeline of correlations based on your requirements, all within a single panel.
Enclaves are visible and categorized as:
- My Enclaves - Enclaves for which you have Write/Update privileges
- Closed Source - Enclaves with threat intelligence from sources that require credentials or special access
- Open Source - Enclaves with threat intelligence from publicly available sources
This view will bring the Enclaves you regularly use to the top of your list. You can also toggle the filter for the entire group with a single click.
For example, you may not be interested in seeing reports from open source intelligence in the Explore view. Unchecking the “Open Source” option (see Figure 2) filters all Open Source reports out of the list view.
Figure 3 is an example of search results for the malware "WANNACRY." Users are presented with relevant IOCs and Incident reports in the enclaves selected for search.