Nodes
You can hover over all the nodes in the Visualizer to view summary information about a rule, device, indicator or connector line. Click a node to open the Quick View panel on the right side of the page. Right-click a node to open a context menu.
Detector nodes
Hover over a detector node to view related information about the detection, such as the detector's Category, Severity, and Confidence rating, as well as the number of Active and Resolved Detections. The detector and its impacted devices are also highlighted.
Device nodes
Hover over a device node to view the device IP address. If you hover over a device group, the list of IP addresses is shown. The device group and related detections will be highlighted.
Right-click a device node to show/hide the label or the node, add an annotation, or mute the device.
Indicator nodes
Hover over an indicator node to view the indicator and to highlight related detections and devices.
Right-click an indicator node to show/hide the label or the node, or add an annotation.
Connector lines
Hover over the connector lines to view summary information pertaining to what the line connects, such as the indicators, device IPs, and/or detections. Related devices, detections, or indicators will be highlighted.
Right-click a connector line to resolve the detection or mute the device for that detector. If any node is a group or can be grouped, you will have an option to Expand (ungroup) or Collapse (regroup) the set of nodes.
Quick views
Click a node in the Visualizer to open the Quick View panel at the right side of the screen. Quick Views display summary information as well as a series of detail-view options and actions. The available options and actions will vary depending on the type of node selected.
| Option | Description |
|---|---|
| Summary | Provides a summary of the detection and corresponding devices along with options to access further details: |
| Software | Displays the Version, Events, First Seen and Last Seen for the software detected on the device. |
| Indicators | Displays the Indicators list. |
| Accounts | Displays the Account, User, First Seen, Last Seen and Service detected on the device. |
| DHCP | Displays the Dynamic Host Configuration Protocol. |
| Detections | Shows a list of detections, each citing the date and time it was last seen and the impacted account; |
| PDNS | Displays the Passive DNS. |
| Query | Displays the query. |
| Virus Total | Displays the total number of viruses detected. |
| WHOIS | Provides registered domain information. |