Navigate a Visualization
Top Tool Bar
- Search nodes within the graph.
- Filter graph indicators.
- Toggle labels on nodes in the graph.
- Undo node expansion or deletion.
- Redo node expansion or deletion.
- Refresh the graph.
- Save edited graph as a Case that can be shared with colleagues.
- Export all indicators in the graph.
The timeline allows the user to limit the date range of a given threat in view. To adjust the time range, click and hold one of the end caps and slide to the desired point. Users may also “time box” a search and then slide that window of time to see how the threat evolved and grew over time.
For example, in a constellation that has reports and indicators that date back for a year, the user could “time box” the timeline to two months and then slide from the beginning of the time period to the present to see threat growth over time.
There are two types of nodes in the graph.
The first is the indicator of compromise (IOC) nodes.
In the TruSTAR platform these indicators act as the connectors between incident reports which are the second type of node in the graph seen here:
These report nodes are labeled with sector acronyms from which the report was submitted. A grey report node indicates that a Community report correlates via a common IOC(s), to a report submitted to the user’s private Enclave.
Current List of Sectors
- IT - Information Technology (Cloud services, MSPs, Tech, etc.)
- FS - Financial Services
- ENG - Energy
- RTL - Retail
- ONG - Oil & Natural Gas
- EDU - Education
- MED - Medical
Report nodes can be expanded in order to gain further context, IOCs, and hunt for new TTPs. Double click on a report node to expand it. To undo that expansion users can use Ctrl-Z (Cmd-Z on Mac) or click the undo button above the Timeline slider bar at the bottom of the graph.
Nodes and indicators can also be deleted individually or in multiples by selecting the nodes and hitting the delete key. Deletions can also be undone via Ctrl-Z (Cmd-Z on Mac) or clicking the undo button above the Timeline slider bar at the bottom of the graph.
Right clicking a node will now open shortcut options for:
This allows the user to filter for specific terms or indicators in the exposed constellation they are viewing. It won’t search reports or indicators beyond what is visible.
When performing a filter here, only nodes with entries matching the search term will be in color. All other nodes will be greyed out.