1 Executive Dashboard
Summary
TLDR: The Blue Safari dashboard provides a comprehensive overview of your organization's security environment. It tracks key metrics like the number of events ingested, device activity, and security alerts. Critical data includes the host session count, alert timelines, case status, and an organization's risk score. It also highlights mean times to detect and respond, offering insights into the platform's efficiency. Risk entities are assessed through scores based on device behavior and ongoing threat activity. Additionally, the dashboard visualizes real-world attacker tactics, helping teams understand and respond to potential threats.
Takeaways
- The Blue Safari dashboard provides real-time insights into your organization's security landscape, focusing on data from the past 24 hours.
- The 'Event Data' section displays the total number of logs received from all onboarded devices, offering a snapshot of data volume and system activity.
- 'Host Session' tracks the unique devices or endpoints contributing to security logs, providing insight into machine engagement across your environment.
- 'Detections' show the number of triggered security alerts, helping identify threats that need immediate attention based on predefined rules and threat intelligence.
- 'Alerts by Timeline' offers a chronological view of alerts, helping to identify patterns or spikes in activity over time.
- 'Cases' represent security incidents generated by SOC analysts from triggered alerts, with detailed statuses (assigned, in progress, closed) and a severity breakdown.
- The 'Organization Risk Score' evaluates the overall security posture, factoring in log volume, alert severity, device behavior, and threat activity patterns.
- 'Mean Time to Detect' measures how quickly the platform detects suspicious activity after logs are ingested, with a focus on improving detection speed.
- 'Mean Time to Respond' tracks how promptly the SOC team responds to detected alerts, from the time of detection to the start of action.
- The 'Risk Entity Table' lists hosts, processes, and users with associated risk scores, highlighting potential threats based on detected events and behavior.
- 'MITRE ATT&CK Visualization' maps real-world attacker behavior, displaying observed tactics (e.g., lateral movement, pre-authentication access) and techniques in your environment.
Q & A
What does the number of events ingested represent in the Blue Safari dashboard?
-The number of events ingested represents the total logs received from all devices that have been successfully onboarded to the Blue Safari platform. It reflects the volume of data being processed in real-time, ensuring critical activities are analyzed.
What is the purpose of the 'host session' panel on the Blue Safari dashboard?
-The 'host session' panel shows the number of unique devices or endpoints reporting. This indicates which machines have contributed to the events being observed, helping to track device activity across the environment.
How are security alerts triggered in Blue Safari?
-Security alerts are triggered based on predefined rules and threat intelligence. These alerts highlight potential incidents requiring attention from security teams.
What does the 'alerts by timeline' panel provide?
-The 'alerts by timeline' panel offers a chronological view of security alerts, allowing users to identify patterns or spikes in activity over time. This helps in tracking ongoing security trends.
What is the significance of the 'cases' section in Blue Safari?
-The 'cases' section summarizes cases generated by SOC analysts based on triggered alerts. It provides a breakdown of case statuses (assigned, in progress, or closed) and severity, giving a comprehensive view of incident management.
What does the 'organization risk score' represent in the dashboard?
-The organization risk score is a key metric that evaluates the overall risk posture of the organization. It's calculated based on factors such as the volume of logs, alert severity, device behavior, anomalies, and detected threat patterns.
How does the 'mean time to detect' (MTTD) metric work?
-The 'mean time to detect' measures the average time taken by the alert engine to analyze incoming logs, correlate them with threat intelligence, and trigger a relevant alert. A lower MTTD indicates quicker detection of suspicious activity.
What is the 'mean time to respond' (MTTR) metric in Blue Safari?
-The 'mean time to respond' tracks the average time taken for the SOC team to act after an alert is triggered. It measures how promptly analysts respond to incidents after detection.
What information is provided by the 'risk entity table' in Blue Safari?
-The 'risk entity table' displays a list of hosts along with their associated risk scores. These scores quantify the potential security risk posed by each host, process, and user based on detected events within the environment.
What is the role of the 'attack visualization maps' in the Blue Safari dashboard?
-The 'attack visualization maps' illustrate real-world attacker behaviors, showing both the tactics (what the attacker is trying to achieve) and the techniques (how they are doing it) observed across the environment. This helps visualize and understand ongoing threats.