Cloud Built-In Dashboards
  • 31 Aug 2022
  • 3 Minutes to read
  • Dark
    Light

Cloud Built-In Dashboards

  • Dark
    Light

Public Cloud instances have access to four built-in dashboard options: My Dashboard, OSINT Overview, Operations Dashboard, and Source Analysis. Dedicated Cloud instances only have access to My Dashboard.

Choosing and Configuring a Dashboard

To toggle between dashboards, place the cursor over Dashboard on the top navigation bar and select a dashboard from the options in the menu that is displayed (Figure 1). The current default dashboard will have the word “Default” next to it.

Graphical user interface, text, application, chat or text message  Description automatically generated

 

The top strip of the dashboard displays the name of the dashboard in the center. Use the My Intel Sources selector at the upper-left corner of the screen to select the owners (i.e., Organizations, Communities, and Sources) whose data are to be displayed on the Dashboard screen (Figure 2).

Graphical user interface, text, application  Description automatically generated

 

Note
A My Orgs list will be displayed in place of the View <Organization name> slider for Super Users, which allows them to select the Organizations whose data are to be displayed on the card.

To include data from your Organization, toggle the View <Organization nameslider on; to include data from a Community or Source, select the checkbox to the left of the Community or Source.

Note
To select all Communities and Sources, select the checkbox to the left of the Filter communities and Filter sources search bar, respectively. Similarly, clear the checkbox to the left of the Filter communities and Filter sources search bar to deselect all selected Communities and Sources, respectively.

The Filter communities and Filter sources search bars allow you to filter the displayed Communities and Sources, respectively, which can be helpful if you want to select or deselect a particular set of Communities or Sources.

In addition, you can select a single Community or Source by hovering over its name and clicking Icon  Description automatically generated only. Doing so will deselect all other owners automatically.

Note
Super Users can select a single Organization by hovering over the Organization’s name and clicking Icon  Description automatically generated only. Doing so will deselect all other owners automatically.

The number of selected owners is displayed to the right of the My Intel Sources text. When all owners have been selected, the selector will look the same as Figure 2. If one or more owners are not selected, a color-coded circle will be displayed at the upper-left corner of the selector.

  • Red circleIcon  Description automatically generated : No owners have been selected.
  • Orange circleIcon  Description automatically generated : Only one owner has been selected.
  • Blue circleIcon  Description automatically generated : Two or more, but not all, owners have been selected.

This element helps alert you to the fact that you might be viewing an “incomplete” set of data.

The Feed Explorer

The Feed Explorer is similar in function to the Feeds tab of TC Exchange™. This feature, available to all ThreatConnect users, is accessed by clicking Feed Explorer on the My Intel Sources selector. The Feed Explorer displays all active TC Exchange feeds, presenting them in a table with associated metric data derived from ThreatConnect’s Collective Analytics Layer (CAL™). A report card is also available for each feed, comparing the metrics for the feed with aggregated metrics for other feeds.

My Dashboard

My Dashboard (Figure 3) provides a general overview of your data in ThreatConnect, including recently viewed items, open Tasks, top sources by observation and false positives, Indicator breakdown, latest intelligence, and top Tags.

Graphical user interface, table  Description automatically generated

 

OSINT Overview Dashboard

The OSINT Overview dashboard (Figure 4) provides a starting point for exploring context-rich sources in ThreatConnect, focusing on Groups rather than Indicators. This dashboard highlights the most recent Incidents in the Technical Blogs & Reports Source, which ingests over 100 different blogs, as well as the Common Community. Different Groups may be explored by navigating from this dashboard to the Browse screen or by searching for intelligence based on Common Vulnerabilities and Exposures (CVE®) data.

Graphical user interface, application  Description automatically generated

 

Operations Dashboard

The Operations Dashboard (Figure 5) highlights new and trending information over the past week, including recently viewed items, recently observed Indicators, recently marked false positives, popular Tags (this week vs. last week), and trends in numbers of Groups and Indicators added over the past week.

Graphical user interface  Description automatically generated

 

Source Analysis Dashboard

The Source Analysis dashboard (Figure 6) provides a detailed breakdown of an intelligence source (i.e., Organization, Community, or Source) in ThreatConnect, including Indicator and Group types over the last 30 days, Indicators by Security Label, recent Source activity (broken down by observations, false positives, Tags, and Indicator and Group Attributes), recently added Indicators and Groups, and top Tags over the past week. Use the My Intel Sources selector to filter by a single Organization, Community, or Source in order to use this dashboard effectively.

Graphical user interface, chart, treemap chart  Description automatically generated

 


ThreatConnect® is a registered trademark of ThreatConnect, Inc.
CAL™ and TC Exchange™ are trademarks of ThreatConnect, Inc.
CVE® (Common Vulnerabilities and Exposures) is a registered trademark of The MITRE Corporation.

20044-02 v.15.A


Was this article helpful?