Triage workboard
The Triage workboard provides a starting point for your campaign and host threat investigation workflows. Use the widgets on this page to gain rapid access to the currently active campaigns and hosts affected with open threats. These widgets allow you to quickly triage malicious incursions into your network.
There are two main widgets, Active campaigns in my network and Hosts in my network, plus your assigned campaigns (My work) and links to other important tools (Quick actions).
At the top of the page is the portal settings widget.
Active campaigns in my network
The Active campaigns in my network widget provides an overview of the campaigns currently active in your network, surfacing the most critical unassigned campaigns for immediate action.
Across the top of the widget are status indicators: All active campaigns, Unassigned, High impact unassigned, and Med/low unassigned. The icon and the number next to each indicator show whether the number of threats seen has increased or decreased compared with the previous time range. Some of the indicators have links. Clicking one of these links takes you to the Campaigns page with a filtered list of Campaign cards.
The Top 5 open, unassigned campaigns section allows easy access to the most urgent campaigns from the campaign list.
The campaigns are displayed in miniature cards similar to the Campaign cards. Each card shows the threat level, the Campaign ID, the current attack stage of the campaign, the number of hosts, and the number of threats. Click the Campaign ID or anywhere in the card to access the campaign details.
Hosts in my network
The Hosts in my network widget displays the open threats encountered by the hosts in your networks.
Across the top of the widget are status indicators: Monitored hosts, Hosts with threats, and High impact open. The status indicators show the total number of hosts detected throughout the current time range in each category. The icon and the number next to each indicator show whether the number of hosts seen has increased or decreased compared with the previous time range. Some of the indicators have links. Clicking one of these links takes you to the Hosts page. Depending on the link, different filters are applied.
The Open top threats widget provides a graphical overview of the immediate threats detected on the hosts in your network. Its display works in the same manner as the graph in the Detected threats widget.
My work
The My work widget lists the most urgent campaigns assigned to you. By default, it displays your top few campaigns. If necessary, you can scroll down to see the complete list.
A campaign entry consists of the following:
- Campaign impact: The threat level of the campaign. Your assigned campaigns are ordered with the highest threat level first.
- Campaign ID: Click the ID link to go to the Campaign details page. The campaign start date is displayed below the campaign ID.
- Campaign status: Displays the status of the campaign.
Quick actions
The Quick actions widget contains a number of buttons, each a shortcut link to an interesting action.
- Explore Your network: Click this button to go to the Network explorer page.
- Create Event suppression rules: Click this button to go to the Alert management rules tab.
- Create Custom network detection rules: Click this button to go to the Network analysis rules tab.
- Create Threat intel detection rules: Click this button to go to the Matching rules page.
- Configure Sensors and sensor groups: Click this button to go to the Sensors tab.
- Configure User notifications: Click this button to go to the Notifications page.
- Configure Home network configuration: Click this button to go to the Home network tab.
- Configure AWS credentials: Click this button to go to the AWS credentials tab.
To access the quick action links, your account needs the following permissions:
- can_access_kibana
- can_manage_appliances
- can_manage_custom_intel
- can_manage_label