Dashboard

Last Updated: Jul 11, 2018 11:32PM EDT
User (System Administrator for creating, editing, and sharing System-level dashboards; Organization Administrator for setting Organization-level dashboards)
None

Overview

The Dashboard screen is the first screen displayed after a user logs into ThreatConnect®. It is the user’s control center for ThreatConnect. Public Cloud users can choose from three dashboards that provide different operational and analytical perspectives on a variety of data and metrics, including recent activity, active Incidents, open Tasks, Indicator trends, query results, and more. TC Manage, TC Analyze, and TC Complete customers can customize their dashboards to display the data they would like to see in the format in which they would like to see it. Each type of information is presented on a card whose location, format, colors, and type of graphic can be set according to the user’s or administrator’s preferences. Users can toggle between multiple dashboards, depending on what type and arrangement of data they would like to see.

Public Cloud Dashboards

Public Cloud provides four built-in dashboard options: My Dashboard, Source Analysis Dashboard, Operations Dashboard, and OSINT Overview.

Choosing and Configuring a Dashboard

To toggle between dashboards, place the cursor over DASHBOARD on the top navigation bar (Figure 1).

Select a Dashboard from the options in the menu that appears (Figure 2).

The top strip of the dashboard displays the name of the dashboard in the center (Figure 3).

Use the My ThreatConnect menu at the top left of the screen (Figure 4) to select the Organizations, Communities, and Sources whose data are to be displayed on the Dashboard screen.

My Dashboard

My Dashboard (Figure 5) is the default dashboard. It provides a general overview of a user’s data in ThreatConnect, including recently viewed items, open Tasks, top sources by observation and false positives, Indicator breakdown, latest intelligence, and top Tags.

Source Analysis Dashboard

The Source Analysis dashboard (Figure 6) provides a detailed breakdown of an intelligence source (i.e., Organization, Community, or Source) in ThreatConnect, including Indicator and Group type over the last 30 days, Indicators by Security Label, recent Source activity (broken down by observations, false positives, Tags, and Indicator and Group Attributes), recently added Indicators and Groups, and top Tags over the past week. Use the My ThreatConnect menu to filter by a single Organization, Community, or Source in order to use this dashboard effectively.

Operations Dashboard

The Operations dashboard (Figure 7) highlights new and trending information over the past week, including recently viewed items, recently observed Indicators, recently marked false positives, popular tags (this week vs. last week), and trends in numbers of Groups and Indicators added over the past week.

OSINT Overview Dashboard

The OSINT Overview dashboard (Figure 8) provides a starting point for exploring context-rich sources in ThreatConnect, focusing on Groups rather than Indicators. This dashboard highlights the most recent Incidents in the Technical Blogs & Reports Source, which ingests over 100 different blogs, as well as the Common Community. Different Groups may be explored by navigating from this dashboard to the Browse screen or by searching for intelligence based on Common Vulenrabilities and Exposures (CVE®) data.

Custom Dashboards

For instances in which custom dashboards have been enabled, the DASHBOARD option on the top navigation bar (Figure 1) will show a menu with three sections (Figure 9).

  • Shared Dashboards: This section displays all dashboards that have been shared throughout the Organization, including dashboards that have been created by the user and shared with others and dashboards that have been created by others and shared with the user.
  • System Dashboards: This section, when expanded, displays the three out-of-the-box dashboards provided to Public Cloud users, as well as any System-level dashboards created by the System Administrator of the ThreatConnect instance.
  • My Dashboards: This section displays all dashboards created by the current user.

Dashboard Creation and Administration

Dashboard Creation

Follow these steps to create a new dashboard:

  1. Click the + NEW DASHBOARD button under the DASHBOARD option on the top navigation bar (Figure 9). The Create a New Dashboard window will appear (Figure 10).
  2. Type in a name for the dashboard, and then click the SAVE button. The new dashboard will now appear with an area prompting the user to add the first card (Figure 11).

Adding Content to a Dashboard

To add a card to a dashboard, click the Add Your First Card box, or click the Plus icon at the top right of the screen. The Add New Card screen will appear with the Details step selected (Figure 12). Enter a title for the card in the Card Title box.

There are three kinds of cards that can be added to a dashboard: Widget, Metric, and Query.

Widget Card

Widget cards are predefined and cannot be configured, other than to adjust their size and position on the dashboard. Click on a type of Widget card and it will be added to the dashboard. For example, the Sources Widget card, showing a graphical representation of all Organizations, Communities, and Sources by Threat Rating and Confidence Rating of their Indicators, was added to the dashboard in Figure 13.

Metric Card

There are three types of Metrics available for display on dashboard cards: System Metrics, User Metrics, and Playbooks Metrics.

NOTE: Scroll down the Metric section of the Add New Card screen to view the full lists of User Metrics and Playbooks Metrics.

System Metrics are predefined by ThreatConnect and divided into three categories: Activities, Indicators, and Intelligence.

  • Activities provides a graphical representation of changes in activity (e.g., Observations, False Positives, Tags, Attributes, Average Indicator Confidence Rating) within the selected Owners over a period of time.
  • Indicators provides a graphical representation of the addition of five types of Indicator (URL, Email Address, File, Host, and Address), as well as enriched Indicators, within the selected Owners over a period of time.
  • Intelligence provides a graphical representation of the addition of Groups within the selected Owners over a period of time.

User Metrics are created by Organization Administrators and higher. See the ThreatConnect Organization Administration Guide for more information. Also see the Custom Metrics page of the ThreatConnect API documentation for information about how to retrieve, create, and delete custom Metrics via the API.

Playbooks Metrics provide a graphical representation of three metrics calculated by the Playbooks Return on Investment feature for all selected Playbooks: Playbook Execution Count, Playbook Financial Savings, and Playbook Hours Saved. See Playbooks: Return on Investment for more information.

Follow these steps to customize a Metric card:

  1. Click on a Metric listed in the Details step of the Add New Card screen. The Query step will appear (Figure 14). Configure the data for the card.
    • Owner Box: Select the Owner(s) whose data are to appear on the card. Slide the Inherit owners from dashboard button to the right to use all available Owners.
    • Sum Across Owners: This button may be disabled (slid to the left) if only one type of item in the Types menu or a single date has been selected.
    • Types: Use the dropdown menu to select which types of data should be displayed.
    • Date Range: Use the dropdown menu to select a date range for which data should be displayed.
    • Date Order: Use the dropdown menu to select whether the date should be displayed in ascending or descending order.
    • Short Date Format: For charts that display dates, slide the button to the right to display the dates in short date format.
    • Card Preview: This section displays a preview of the card.
    • Chart Type: Select the type of chart to display.
  2. Click the NEXT button.
  3. The Options step will appear (Figure 15). Configure the look of the card.
    • Color Scheme: Use the dropdown menu to select the color scheme for the card.
    • Scheme Type: Use the dropdown menu to select whether the color scheme should be ordinal or linear. This option appears only for types of charts for which it is relevant./li>
    • Chart Configuration: Use the checkboxes to customize how you want the chart to look. The available options change depending on the type of chart chosen in the previous step./li>
    • Card Width: Use the up and down arrows to choose a width for the card, or enter a number in the text box./li>
    • Card Height: Use the up and down arrows to choose a height for the card, or enter a number in the text box./li>
  4. Click the SAVE button.
  5. The card will now be displayed on the dashboard (Figure 16).
Query Card

Query cards display the results of ThreatConnect Query Language (TQL) queries. See Browse for more information on how to create and save queries and Using ThreatConnect Query Language (TQL) for more information on creating TQL queries.

Follow these steps to customize a Query card:

  1. Choose New Query or one of the Saved Queries listed in the Queries step of the Add New Card screen (Figure 12). The Query section will appear (Figure 17). Configure the data for the card.
    • Owner Box: Select the Owner(s) whose data are to appear on the card. Slide the Inherit owners from dashboard button to the right to use all available Owners.
    • Display Type: Select whether the query should appear as a Chart or a Datatable.
    • Query By: Use the dropdown menu to select the type of object that should be queried.
    • Advanced Query: Enter a TQL string to run an advanced query.
    • Grouping: Use the menus to choose the results groupings by top or bottom, number of results, and type of results.
    • Include Other: Click this checkbox box to include “Other” results.
    • Card Preview: This section displays a preview of the card.
    • Chart Type: Select the type of chart to display.
  2. Click the NEXT button.
  3. The Options step will appear (Figure 18). Configure the look of the card.
    • Color Scheme: Use the dropdown menu to select the color scheme for the card.
    • Scheme Type: Use the dropdown menu to select whether the color scheme should be ordinal or linear. This option appears only for types of charts for which it is relevant.
    • Chart Configuration: Use the checkboxes to customize how you want the chart to look. The available options change depending on the type of chart chosen in the previous step.
    • Card Width: Use the up and down arrows to choose a width for the card, or enter a number in the text box.
    • Card Height: Use the up and down arrows to choose a height for the card, or enter a number in the text box.
  4. Click the NEXT button.
  5. The card will now be displayed on the dashboard (Figure 19).

Editing Dashboard Layout

Follow these steps to edit the location and sizes of dashboard cards:

  1. To unlock a dashboard for editing, click the Locked  icon at the top right of the dashboard so that it becomes the Unlocked  icon. Cards on a locked dashboard have a white background (Figure 20). Cards on an unlocked dashboard have a gray strip at the top (Figure 21).
  2. NOTE: If there is no Locked or Unlocked icon at the top right of a dashboard, the user does not have permission to edit that dashboard. Instead, the user may make copy the dashboard and then edit that copy. See the “Dashboard Administration” section later in this article.

  3. To move a card, click in the gray strip at the top of the card and drag it to another location.
  4. To resize the width of a card, hover the cursor over the right-hand margin of the card until it turns into a horizontal double arrow. Drag the side of the card to the desired width.
  5. To resize the height of a card, hover the cursor over the bottom margin of the card until it turns into a vertical double arrow. Drag the bottom of the card to the desired height.
  6. To lock a dashboard against editing, click the Unlocked  icon at the top right of the dashboard so that it becomes the Locked  icon.

Editing Dashboard Cards

Follow these steps to edit an individual card:

  1. Hover the cursor over the top right of the card to be edited. The Actions menu will appear (Figure 22).
  2. NOTE: Cards may be edited regardless of whether the dashboard is locked or unlocked.

  3. To edit the content of the card, click the Edit option. The Query step of the Add New Card screen (Figure 14 and Figure 17) for that card will appear. Both the Query and Options steps can be edited.
  4. To rename the card, click the Rename option on the Actions menu (Figure 22). The Rename Card window will appear (Figure 23). Enter a new name for the card, and then click the SAVE button.
  5. To delete a card, click the Remove option on the Actions menu (Figure 22). The Remove Card window will appear (Figure 24). Click the CONFIRM button to delete the card.
  6. To change the Owners whose data are calculated in the card, click the Manage Owners option. The Manage Owners for Card screen will appear (Figure 25). Select or deselect Owners, and then click the DONE button.
  7. NOTE: To change Owners for the data displayed in all the cards on the dashboard, use the MY THREATCONNECT menu at the top left of the dashboard to select or deselect Owners.

Dashboard Administration

Dashboard administration features are found by hovering the cursor over the vertical ellipsis icon at the top right corner of the dashboard screen (Figure 26).

A subset of these options may appear in the menu, depending on the user’s role and ownership of the dashboard. For example, only an Organization Administrator will be able to set a dashboard as the Organization Default Dashboard, and only a user who has created a dashboard will be able to rename, share, or delete it. To modify a dashboard that another user has created, including System-level dashboards, make a copy of the dashboard and then edit that copy.

NOTE: Only shared dashboards can be set as the Organization Default Dashboard.

CVE® is a registered trademark of The MITRE Corporation.

20044-07 EN Rev. A

Contact Us

  • ThreatConnect, Inc.
    3865 Wilson Blvd.
    Suite 550
    Arlington, VA 22203

    Toll Free:   1.800.965.2708
    Local: +1.703.229.4240
    Fax +1.703.229.4489

    Email Us



https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete