
Threat Summary

Overview


The overview dashboard is a convenient place to monitor the variables that drive the organization's threat hunting tasks. The data it collects supports continuous monitoring of indicators that show whether an imminent cyber threat is present in the network.


Go to Dashboard > Threat Hunt Dashboard > Summary

ce-xdr-navigation-threat-summary

Alerts Over Time


The "Alerts Over Time" graph shows the number of alerts raised during the selected time interval.

ce-xdr-alerts-over-time

Top Alerting Devices


The "Top Alerting Devices" table lists the devices that raised the most alerts in the selected time interval. Each row contains the Device Name (for mapped devices) or Host Name (for unmapped devices), the Username, and the Allowed, Blocked and Malware counts.

ce-xdr-top-alerting-devices

Top Alerting Countries


The "Top Alerting Countries" graph shows the top 10 countries and their respective alert counts in the selected time interval. The accompanying table shows the top 10 IPs with their respective country and alert count.

ce-xdr-top-alerting-countries

Malware


The "Malware" graph shows the top 10 Malware and their respective count in the selected interval of time.

ce-xdr-malware

Top SIDs


This pie chart shows the top SIDs triggered in the Crystal Eye XDR network. A Signature ID (SID) is the unique identification number assigned to an IDPS policy rule; every alert that a rule raises carries the rule's SID, so the chart tells you which rules are firing most. These rules are conceptualised and created by the security operations team of Red Piranha to provide context to the Intrusion Detection and Prevention System (IDPS) mechanism of the Crystal Eye XDR.

ce-xdr-top-sid

One of the most important functions of an IDPS signature rule is to specify which part of the network traffic the system must inspect to detect an attack. An IDPS action is triggered when the inspected traffic matches the rule's pre-defined attack pattern; the system then performs the action assigned to that rule, which protects the Crystal Eye network. The Allowed and Blocked counts shown elsewhere on this dashboard reflect the outcome of those actions.
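The following is an added example that is not part of the Crystal Eye documentation or Red Piranha's code. It assumes that the IDPS rules use Snort/Suricata rule syntax and that alerts are available as Suricata EVE JSON lines (neither is stated on this page). It parses one constructed rule to show how the header selects the traffic to inspect and how the sid option identifies the rule, then aggregates a handful of constructed alert records into the same summaries the dashboard sections above show: alerts per interval, top SIDs, and top alerting hosts with Allowed/Blocked counts. All rule text, SIDs, IP addresses and log lines are constructed for the example.

```python
"""Added example: from an IDPS rule and its alerts to the Threat Summary aggregates.

Assumptions (not from the page): rules follow Snort/Suricata syntax and alerts are
Suricata EVE JSON "alert" records. Every rule, SID, address and log line below is
constructed for illustration.
"""
import json
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed rule. The header (before the parentheses) states WHICH traffic to
# inspect: protocol, source, destination, direction and port. The options state
# WHAT to match and carry the sid that tags every alert this rule raises.
RULE = ('alert tcp $EXTERNAL_NET any -> $HOME_NET 22 '
        '(msg:"EXAMPLE SSH brute-force attempt"; flow:to_server; '
        'threshold:type both, track by_src, count 5, seconds 60; '
        'classtype:attempted-admin; sid:1000001; rev:2;)')

_HEADER = re.compile(
    r'^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<direction>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<options>.*)\)\s*$')


def parse_rule(rule: str) -> dict:
    """Split a rule into its header fields and an option map; expose sid/rev as ints."""
    m = _HEADER.match(rule)
    if m is None:
        raise ValueError("not a rule header: %r" % rule)
    parsed = {k: m.group(k) for k in ("action", "proto", "src", "sport", "direction", "dst", "dport")}
    options = {}
    # Simplification: split on ';'. A msg containing a literal ';' needs a real tokenizer.
    for opt in m.group("options").split(";"):
        opt = opt.strip()
        if not opt:
            continue
        key, _, value = opt.partition(":")
        options[key.strip()] = value.strip().strip('"')
    parsed["options"] = options
    parsed["sid"] = int(options["sid"])
    parsed["rev"] = int(options.get("rev", "1"))
    return parsed


def _eve(ts, src, dst, sid, msg, action):
    """Build one constructed EVE alert line (action is 'allowed' or 'blocked' as in EVE)."""
    return json.dumps({"timestamp": ts, "event_type": "alert", "src_ip": src, "dest_ip": dst,
                       "proto": "TCP",
                       "alert": {"action": action, "signature_id": sid, "rev": 1, "signature": msg}})


# Constructed alert log (RFC 5737 documentation addresses; one non-alert record mixed in).
EVE_LINES = [
    _eve("2024-05-01T10:00:01.000000+0000", "203.0.113.5", "10.0.0.12", 1000001, "EXAMPLE SSH brute-force attempt", "blocked"),
    _eve("2024-05-01T10:03:10.000000+0000", "203.0.113.5", "10.0.0.12", 1000001, "EXAMPLE SSH brute-force attempt", "blocked"),
    _eve("2024-05-01T10:20:45.000000+0000", "198.51.100.7", "10.0.0.12", 1000001, "EXAMPLE SSH brute-force attempt", "blocked"),
    _eve("2024-05-01T10:22:00.000000+0000", "198.51.100.7", "10.0.0.30", 1000002, "EXAMPLE HTTP scanner user-agent", "allowed"),
    _eve("2024-05-01T10:40:00.000000+0000", "192.0.2.9", "10.0.0.30", 1000002, "EXAMPLE HTTP scanner user-agent", "allowed"),
    _eve("2024-05-01T10:41:00.000000+0000", "192.0.2.9", "10.0.0.45", 1000003, "EXAMPLE DNS TXT beacon", "blocked"),
    json.dumps({"timestamp": "2024-05-01T10:41:01.000000+0000", "event_type": "flow",
                "src_ip": "10.0.0.45", "dest_ip": "192.0.2.9"}),
]


def load_alerts(lines):
    """Keep only event_type == 'alert' records; flows, DNS and other EVE events are skipped."""
    records = (json.loads(line) for line in lines)
    return [r for r in records if r.get("event_type") == "alert"]


def _ts(rec):
    return datetime.strptime(rec["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")


def alerts_over_time(alerts, interval_minutes=15):
    """'Alerts Over Time': count alerts per fixed interval, keyed by the bucket start (UTC)."""
    step = interval_minutes * 60
    buckets = Counter()
    for a in alerts:
        epoch = int(_ts(a).timestamp())
        start = epoch - epoch % step
        buckets[datetime.fromtimestamp(start, tz=timezone.utc).isoformat()] += 1
    return dict(sorted(buckets.items()))


def top_sids(alerts, n=10):
    """'Top SIDs': rank (sid, signature) pairs by how often they fired."""
    return Counter((a["alert"]["signature_id"], a["alert"]["signature"]) for a in alerts).most_common(n)


def top_alerting_hosts(alerts, n=10):
    """'Top Alerting Devices' (by destination IP; hostname/username mapping is assumed to live elsewhere)."""
    per_host = defaultdict(lambda: {"allowed": 0, "blocked": 0})
    for a in alerts:
        per_host[a["dest_ip"]][a["alert"]["action"]] += 1
    return sorted(per_host.items(), key=lambda kv: -(kv[1]["allowed"] + kv[1]["blocked"]))[:n]


if __name__ == "__main__":
    print("rule header:", {k: v for k, v in parse_rule(RULE).items() if k != "options"})
    alerts = load_alerts(EVE_LINES)
    print("alerts over time:", alerts_over_time(alerts))
    print("top SIDs:", top_sids(alerts))
    print("top hosts:", top_alerting_hosts(alerts))
```

Two practical points the code makes explicit: the SID, not the human-readable message, is the stable key to pivot on (the msg text of a rule can change between revisions while the sid stays fixed), and the Allowed/Blocked split comes directly from the action recorded on each alert, so a rule whose action is "alert" rather than "drop" will only ever contribute to the Allowed column.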