Security analysts today are overloaded with information, and when it comes to threat mitigation every second counts. We must arm operators with tools that will help them make faster, more informed decisions.
Enter TruSTAR Dashboard, a handy visual tool we’ve designed to address this operational challenge. The goal of Dashboard is to provide you with consolidated information that allows you to identify trends and relevant information easily.
We received a lot of positive feedback from our users about the Insights panel and how it is an effective launching point for identifying trending reports and IOCs from the community.
Dashboard brings the power of Insights front and center, and incorporates trending information from your Enclaves as well. From now on, when you log in to TruSTAR, you will see the Dashboard as your home screen.
Navigating TruSTAR Dashboard
The Dashboard layout is divided into three zones. For each zone you can select the time range that you are most interested in. The default time range is seven days.
Zone 1 - Enclave Insights - Three panels that show you the important insights from your own Enclave.
Internal Enrichment - Find reports from your Enclave that have the most correlations with other reports in the Enclave, effectively telling you which of your own cases have recurring context that would be important.
Community Enrichment - Find reports from your Enclave that have the most correlations with reports in the TruSTAR Community, effectively telling you which reports have the most context being added by reports in the Community.
Relevant IOCs - Find indicators from your Enclave reports that have the most correlations.
Note: If you belong to multiple Enclaves you can select a specific Enclave by selecting it from the dropdown list in this zone.
Zone 2 - Community Trends - Trending information from the TruSTAR Community in three different ways.
Trending IOCs - Top Five indicators that are being reported most often in the TruSTAR Community.
Trending Malware - Top Five malware families that are being reported most often in the TruSTAR Community.
Trending Vulnerabilities - Top Five CVEs from the Community.
Zone 3 - Report Submission - A display of Submission Activity for both you, the individual user, and total activity in your Enclave. You can also view the breakdown by submission channel, such as Station frontend, email ingest or API integrations.
How can Dashboard help me?
1. Download IOCs from Enclave reports that have the most relevant context.
2. Identify faster the Enclave reports that have the highest number of correlations with community reports.
3. Use Community Trends as a launch point for threat hunting.
Dashboard Product Roadmap
This is only the first in a series of steps we are taking towards quickly surfacing relevant information for our users. In the upcoming months, we will be releasing additional panels to the Dashboard and eventually giving you the ability to personalize it by keeping only the elements of the Dashboard that you feel are most important for your workflow. We would love to hear from you about additional analytics and trends that you would like to see on the Dashboard.
Want a personal tour through TruSTAR Dashboard? Contact us.