- 31 Aug 2022
- 3 Minutes to read
Cloud Built-In Dashboards
- Updated on 31 Aug 2022
- 3 Minutes to read
Public Cloud instances have access to four built-in dashboard options: My Dashboard, OSINT Overview, Operations Dashboard, and Source Analysis. Dedicated Cloud instances only have access to My Dashboard.
Choosing and Configuring a Dashboard
To toggle between dashboards, place the cursor over Dashboard on the top navigation bar and select a dashboard from the options in the menu that is displayed (Figure 1). The current default dashboard will have the word “Default” next to it.
The top strip of the dashboard displays the name of the dashboard in the center. Use the My Intel Sources selector at the upper-left corner of the screen to select the owners (i.e., Organizations, Communities, and Sources) whose data are to be displayed on the Dashboard screen (Figure 2).
To include data from your Organization, toggle the View <Organization name> slider on; to include data from a Community or Source, select the checkbox to the left of the Community or Source.
The Filter communities and Filter sources search bars allow you to filter the displayed Communities and Sources, respectively, which can be helpful if you want to select or deselect a particular set of Communities or Sources.
In addition, you can select a single Community or Source by hovering over its name and clicking only. Doing so will deselect all other owners automatically.
The number of selected owners is displayed to the right of the My Intel Sources text. When all owners have been selected, the selector will look the same as Figure 2. If one or more owners are not selected, a color-coded circle will be displayed at the upper-left corner of the selector.
- Red circle : No owners have been selected.
- Orange circle : Only one owner has been selected.
- Blue circle : Two or more, but not all, owners have been selected.
This element helps alert you to the fact that you might be viewing an “incomplete” set of data.
The Feed Explorer
The Feed Explorer is similar in function to the Feeds tab of TC Exchange™. This feature, available to all ThreatConnect users, is accessed by clicking Feed Explorer on the My Intel Sources selector. The Feed Explorer displays all active TC Exchange feeds, presenting them in a table with associated metric data derived from ThreatConnect’s Collective Analytics Layer (CAL™). A report card is also available for each feed, comparing the metrics for the feed with aggregated metrics for other feeds.
My Dashboard (Figure 3) provides a general overview of your data in ThreatConnect, including recently viewed items, open Tasks, top sources by observation and false positives, Indicator breakdown, latest intelligence, and top Tags.
OSINT Overview Dashboard
The OSINT Overview dashboard (Figure 4) provides a starting point for exploring context-rich sources in ThreatConnect, focusing on Groups rather than Indicators. This dashboard highlights the most recent Incidents in the Technical Blogs & Reports Source, which ingests over 100 different blogs, as well as the Common Community. Different Groups may be explored by navigating from this dashboard to the Browse screen or by searching for intelligence based on Common Vulnerabilities and Exposures (CVE®) data.
The Operations Dashboard (Figure 5) highlights new and trending information over the past week, including recently viewed items, recently observed Indicators, recently marked false positives, popular Tags (this week vs. last week), and trends in numbers of Groups and Indicators added over the past week.
Source Analysis Dashboard
The Source Analysis dashboard (Figure 6) provides a detailed breakdown of an intelligence source (i.e., Organization, Community, or Source) in ThreatConnect, including Indicator and Group types over the last 30 days, Indicators by Security Label, recent Source activity (broken down by observations, false positives, Tags, and Indicator and Group Attributes), recently added Indicators and Groups, and top Tags over the past week. Use the My Intel Sources selector to filter by a single Organization, Community, or Source in order to use this dashboard effectively.
ThreatConnect® is a registered trademark of ThreatConnect, Inc.
CAL™ and TC Exchange™ are trademarks of ThreatConnect, Inc.
CVE® (Common Vulnerabilities and Exposures) is a registered trademark of The MITRE Corporation.