Dashboard

Last Updated: Oct 22, 2019 11:21AM EDT
User (System Administrator for creating, editing, and sharing System-level dashboards; Organization Administrator for setting Organization-level dashboards)
None

Overview

The Dashboard screen is the first screen displayed after a user logs into ThreatConnect®. It is the user’s situational awareness center for ThreatConnect. Customers with the appropriate product level can create and customize dashboards to suit their needs. Cloud users can choose from four built-in dashboards that provide different operational and analytical perspectives on a variety of data and metrics, including recent activity, active Incidents, open Tasks, Indicator trends, query results, and more. Each type of information is presented on a card whose location, format, colors, and type of graphic can be set according to the user’s or administrator’s preferences. Users can toggle between multiple dashboards, depending on what type and arrangement of data they would like to see.

Cloud Built-In Dashboards

Cloud provides four built-in dashboard options: OSINT Overview, My Dashboard, Operations Dashboard, and Source Analysis.

Choosing and Configuring a Dashboard

To toggle between dashboards, place the cursor over Dashboard on the top navigation bar (Figure 1).

Select a dashboard from the options in the menu that is displayed (Figure 2). The dashboard that is currently being viewed will appear in orange text, and the current default dashboard will have the word “Default” next to it.

The top strip of the dashboard displays the name of the dashboard in the center (Figure 3).

Use the MY INTEL SOURCES selector at the top left of the screen to select the Organizations, Communities, and Sources whose data are to be displayed on the Dashboard screen (Figure 4).

The number of selected Organizations, Communities, and Sources is displayed in parentheses next to the MY INTEL SOURCES selector. When all Organizations, Communities, and Sources have been selected, the selector will appear as in Figure 4. When no Organizations, Communities, or Sources have been selected, the selector will display a red dot at the top left (Figure 5). This element helps customers be aware that they might be viewing an “incomplete” set of data.

When only one Organization, Community, or Source has been selected, the selector will display an orange dot at the top left (Figure 6).

When two or more, but not all, Organizations, Communities, or Sources have been selected, the selector will display a blue dot at the top left (Figure 7).

OSINT Overview Dashboard

The OSINT Overview dashboard (Figure 8) provides a starting point for exploring context-rich sources in ThreatConnect, focusing on Groups rather than Indicators. This dashboard highlights the most recent Incidents in the Technical Blogs & Reports Source, which ingests over 100 different blogs, as well as the Common Community. Different Groups may be explored by navigating from this dashboard to the Browse screen or by searching for intelligence based on Common Vulnerabilities and Exposures (CVE®) data.

My Dashboard

My Dashboard (Figure 9) provides a general overview of a user’s data in ThreatConnect, including recently viewed items, open Tasks, top sources by observation and false positives, Indicator breakdown, latest intelligence, and top Tags.

Operations Dashboard

The Operations dashboard (Figure 10) highlights new and trending information over the past week, including recently viewed items, recently observed Indicators, recently marked false positives, popular tags (this week vs. last week), and trends in numbers of Groups and Indicators added over the past week.

Source Analysis Dashboard

The Source Analysis dashboard (Figure 11) provides a detailed breakdown of an intelligence source (i.e., Organization, Community, or Source) in ThreatConnect, including Indicator and Group type over the last 30 days, Indicators by Security Label, recent Source activity (broken down by observations, false positives, Tags, and Indicator and Group Attributes), recently added Indicators and Groups, and top Tags over the past week. Use the MY INTEL SOURCES selector to filter by a single Organization, Community, or Source in order to use this dashboard effectively.

Custom Dashboards

For instances in which custom dashboards have been enabled, the Dashboard option on the top navigation bar (Figure 1) will show a menu with four sections (Figure 12).

  • Shared Dashboards: This section displays all dashboards that have been shared throughout the Organization, including dashboards that have been created by the user and shared with others and dashboards that have been created by others and shared with the user.
  • My Dashboards: This section displays all dashboards created by the current user.
  • System Dashboards: This section, when expanded, displays the built-in dashboards available to the user, as well as any System-level dashboards created by the System Administrator(s) of the ThreatConnect instance.
  • + New Dashboard: This button is used to create a new dashboard, as described in the next section.

Dashboard Creation and Administration

Dashboard Creation

Follow these steps to create a new dashboard:

  1. Click the + New Dashboard button under the Dashboard option on the top navigation bar (Figure 12). The Create a New Dashboard window will be displayed (Figure 13).
  2. Type in a name for the dashboard, and then click the SAVE button. The new dashboard will now be displayed with an area prompting the user to add the first card (Figure 14).

Adding Content to a Dashboard

To add a card to a dashboard, click the Add Your First Card box, or click the Plus icon at the top right of the screen. The Add New Card screen will be displayed with the Details step selected (Figure 15). Enter a title for the card in the Card Title box.

There are three kinds of cards that can be added to a dashboard: Widget, Metric, and Query.

Widget Card

Widget cards are predefined and cannot be configured, other than to adjust their size and position on the dashboard. Click on a type of Widget card and it will be added to the dashboard. For example, the Sources Widget card, showing a graphical representation of all Organizations, Communities, and Sources by Threat Rating and Confidence Rating of their Indicators, was added to the dashboard in Figure 16. Hover the cursor over an area on the graph to view a tooltip with specific information about the data represented there.

Metric Card

There are three types of Metrics available for display on dashboard cards: System Metrics, User Metrics, and Playbooks Metrics.

NOTE: Scroll down the Metric section of the Add New Card screen to view the full lists of User Metrics and Playbooks Metrics.

System Metrics are predefined by ThreatConnect and divided into three categories: Activities, Indicators, and Intelligence.

  • Activities provides a graphical representation of changes in activity (e.g., Observations, False Positives, Tags, Attributes, Average Indicator Confidence Rating) within the selected Owners over a period of time.
  • Indicators provides a graphical representation of the addition of five types of Indicator (URL, Email Address, File, Host, and Address), as well as enriched Indicators, within the selected Owners over a period of time.
  • Intelligence provides a graphical representation of the addition of Groups within the selected Owners over a period of time.

User Metrics are created by Organization Administrators and higher. See the ThreatConnect Organization Administration Guide for more information. Also see the Custom Metrics page of the ThreatConnect API documentation for information about how to retrieve, create, and delete custom Metrics via the API.

Playbooks Metrics provide a graphical representation of three metrics calculated by the Playbooks Return on Investment feature for all selected Playbooks: Playbook Execution Count, Playbook Financial Savings, and Playbook Hours Saved. See Playbooks: Return on Investment for more information.

Follow these steps to customize a Metric card:

  1. Click on a Metric listed in the Details step of the Add New Card screen. The Query step will be displayed (Figure 17). Configure the data for the card.
    • Owner Box: Select the Owner(s) whose data are to be displayed on the card. Keep the Inherit owner selections from My Intel Sources slider toggled to orange to use all available Owners. Once any owner has been deselected, the slider will automatically toggle to gray.
    • Sum Across Owners: Multiple metric types must be summed across all selected owners. This feature may be disabled (by toggling the slider to gray) if only one type of item in the Types menu or a single date from the Date Range menu has been selected.
    • Types: Use the dropdown menu to select which types of data should be displayed.
    • Date Range: Use the dropdown menu to select a date range for which data should be displayed.
    • Date Order: Use the dropdown menu to select whether the date should be displayed in ascending or descending order.
    • Short Date Format: For charts that display dates, toggle the slider to orange to display the dates in short date format.
    • Card Preview: This section displays a preview of the card.
    • Chart Type: Select the type of chart to display.
  2. Click the NEXT button.
  3. The Options step will be displayed (Figure 18). Configure the look of the card.
    • Color Scheme: Use the dropdown menu to select the color scheme for the card.
    • Scheme Type: Use the dropdown menu to select whether the color scheme should be ordinal or linear. This option is displayed only for types of charts for which it is relevant.
    • Chart Configuration Checkboxes: Use the checkboxes to customize the look of the chart. The available options change depending on the type of chart chosen in the previous step. In this example (sparkline chart), the Disable Tooltips checkbox is the only element in this section, but if, for example, a line chart is selected in the previous step, then checkboxes for configuring the chart’s axes, legend, gridlines, and gradient will also be displayed.
    • Card Width: Use the up and down arrows to choose a width for the card, or enter a number in the text box.
    • Card Height: Use the up and down arrows to choose a height for the card, or enter a number in the text box.
  4. Click the SAVE button.
  5. The card will now be displayed on the dashboard (Figure 19). Hover the cursor over an area on the graph to view a tooltip with specific information about the data represented there. (This functionality will not be available if the Disable Tooltips checkbox has been selected.)
Query Card

Query cards display the results of ThreatConnect Query Language (TQL) queries. See Browse for more information on how to create and save queries and Using ThreatConnect Query Language (TQL) for more information on creating TQL queries.

Follow these steps to customize a Query card:

  1. Choose New Query or one of the Saved Queries listed in the Queries step of the Add New Card screen (Figure 15). The Query section will be displayed (Figure 20). Configure the data for the card.
    • Owner Box: Select the Owner(s) whose data are to be displayed on the card. Keep the Inherit owner selections from My Intel Sources slider toggled to orange to use all available Owners. Once any owner has been deselected, the slider will automatically toggle to gray.
    • Display Type: Select whether the query should be displayed as a Chart or a Datatable.
    • Query By: Use the dropdown menu to select the type of object that should be queried.
    • Advanced Query: Enter a TQL string to run an advanced query.
    • Grouping: Use the dropdown menu on the left to group the results by top or bottom and the spinner to determine the number of results to display (e.g., Top 25; Bottom 10). Use the dropdown menu on the right to select the type of results to display.
    • Include “Other”: Select this checkbox to include an “Other” category that groups together the rest of the results outside of the selections made in the Grouping section. For example, if Top 10 Tags have been selected in the Grouping section and the Include “Other” checkbox is selected, then in addition to the 10 Tags, there will be an “Other” element (e.g., bar in a bar graph) that aggregates the results of the rest of the Tags.
    • Card Preview: This section displays a preview of the card.
    • Chart Type: Select the type of chart to display.
  2. Click the NEXT button.
  3. The Options step will be displayed (Figure 21). Configure the look of the card.
    • Color Scheme: Use the dropdown menu to select the color scheme for the card.
    • Scheme Type: Use the dropdown menu to select whether the color scheme should be ordinal or linear. This option is displayed only for types of charts for which it is relevant.
    • Chart Configuration Checkboxes: Use the checkboxes to customize the look of the chart. The available options change depending on the type of chart chosen in the previous step.
    • Card Width: Use the up and down arrows to choose a width for the card, or enter a number in the text box.
    • Card Height: Use the up and down arrows to choose a height for the card, or enter a number in the text box.
    • Chart Configuration Spinners: Use the up and down arrows on the spinners to adjust the given dimension of the chart, or enter a number in the text box. The available options change depending on the type of chart chosen in the previous step. In this example (vertical bar chart), the Bar Gap Size spinner is the only element in this section, but if, for example, a gauge chart is selected in the previous step, then checkboxes for configuring a number of elements, including the minimum, maximum, and start angle, will also be displayed. For other types of charts, there are no elements in this section.
  4. Click the NEXT button.
  5. The card will now be displayed on the dashboard (Figure 22). Hover the cursor over an area on the graph to view a tooltip with specific information about the data represented there. (This functionality will not be available if the Disable Tooltips checkbox has been selected.)

Editing Dashboard Layout

Follow these steps to edit the location and sizes of dashboard cards:

  1. To unlock a dashboard for editing, click the Locked icon at the top right of the dashboard so that it becomes the Unlocked icon. Cards on a locked dashboard have a white background (Figure 23). Cards on an unlocked dashboard have a gray strip at the top (Figure 24).
  2. NOTE: If there is no Locked or Unlocked icon at the top right of a dashboard, the user does not have permission to edit that dashboard. Instead, the user may make copy the dashboard and then edit that copy. See the “Dashboard Administration” section later in this article.

  3. To move a card, click in the gray strip at the top of the card and drag it to another location.
  4. To resize the width of a card, hover the cursor over the right-hand margin of the card until it turns into a horizontal double arrow. Drag the side of the card to the desired width.
  5. To resize the height of a card, hover the cursor over the bottom margin of the card until it turns into a vertical double arrow. Drag the bottom of the card to the desired height.
  6. To lock a dashboard against editing, click the Unlocked icon at the top right of the dashboard so that it becomes the Locked icon.

Editing Dashboard Cards

Follow these steps to edit an individual card:

  1. Hover the cursor over the top right of the card to be edited. The Actions menu will be displayed (Figure 25).
  2. NOTE: Cards may be edited regardless of whether the dashboard is locked or unlocked.

  3. To edit the content of the card, click the Edit option. The Query step of the Add New Card screen (Figure 17 and Figure 20) for that card will be displayed. Both the Query and Options steps can be edited.
  4. To rename the card, click the Rename option on the Actions menu (Figure 25). The Rename Card window will be displayed (Figure 26). Enter a new name for the card, and then click the SAVE button.
  5. To delete a card, click the Remove option on the Actions menu (Figure 25). The Remove Card window will be displayed (Figure 27). Click the CONFIRM button to delete the card.
  6. To change the Owners whose data are calculated in the card, click the Manage Owners option. The Manage Owners for Card screen will be displayed (Figure 28). Select or deselect Owners, and then click the DONE button. If the Inherit owner selections from My Intel Sources slider is toggled to orange, then data from all available owners will be used.
  7. NOTE: To change Owners for the data displayed in all the cards on the dashboard, use the MY INTEL SOURCES selector at the top left of the dashboard to select or deselect Owners.

  8. The presence of the icon to the right of the Actions menu, as in Figure 29, indicates that the Inherit owner selections from My Intel Sources slider for that card is currently toggled to gray (i.e., not all available owners have been selected).

Dashboard Administration

Dashboard administration features are found by hovering the cursor over the vertical ellipsis icon at the top right corner of the Dashboard screen (Figure 30).

A subset of these options may be displayed in the menu, depending on the user’s role and ownership of the dashboard. For example, only an Organization Administrator will be able to set a dashboard as the Organization Default Dashboard, and only a user who has created a dashboard will be able to rename, share, or delete it. To modify a dashboard that another user has created, including System-level dashboards, make a copy of the dashboard and then edit that copy.

NOTE: Only shared dashboards can be set as the Organization Default Dashboard.

CVE® is a registered trademark of The MITRE Corporation.

20044-09 EN Rev. A

Contact Us

  • ThreatConnect, Inc.
    3865 Wilson Blvd.
    Suite 550
    Arlington, VA 22203

    Toll Free:   1.800.965.2708
    Local: +1.703.229.4240
    Fax +1.703.229.4489

    Email Us



https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete