Storyboard

elopezsa edited this page Sep 21, 2016 · 1 revision

### Purpose and Audience

This section contains a walk-through of the Storyboard analyst view. The intended audience is Security Analysts responsible for reviewing the results for potential threats.

### Walk-through

  1. Select the option Flow > Storyboard from the Open Network Insight menu.

  2. Your view should look something like this, depending on the IPs you have analyzed in the Threat Analysis for that day. You can select a different date from the calendar.

3. Review the results:

Executive Threat Briefing
Data source file: threats.csv
Executive Threat Briefing lists all the incident titles you entered in the Threat Investigation notebook. You can click on any title to display its additional information.

Clicking on a threat from the list will also update the additional frames.

Incident Progression
Data source file: dendro-<ip>.json
Frame located in the top right of the Storyboard Web page

Incident Progression displays a tree graph (dendrogram) detailing the types of connections that make up the activity related to the threat. When network context is available, this graph presents an extra level that breaks down each type of connection into detailed context.

Impact Analysis
Data source file: stats-<ip>.json

Impact Analysis displays a horizontal bar graph representing the number of inbound, outbound and two-way connections found related to the threat. Clicking any bar in the graph will break down that information into its context.

Map View | Globe
Data source file: globe_<ip>.json

Map View Globe will only be created if you have a geolocation database. It is intended to represent the detected communication on a global scale, using the geolocation data of each IP to draw lines on the map showing the flow of the data.

Timeline
Data source file: sbdet-<ip>.json

Timeline is created using the resulting connections found during the Threat Investigation process. It displays 'clusters' of inbound connections to the IP, grouped by time, giving an overall idea of the times during the day with the most activity. You can zoom in or out of the graph's timeline using your mouse scroll wheel.
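
The counts behind Impact Analysis and the time grouping behind Timeline can be cross-checked by hand from flow records when a storyboard looks off. The following is an added example, not Open Network Insight code: the record layout, counting by peer IP, the 30-minute gap rule and the sample flows are all assumptions made for illustration.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"
THREAT_IP = "203.0.113.7"  # constructed (documentation address range)

# Constructed sample flows: (timestamp, source IP, destination IP).
FLOWS = [
    ("2016-09-21 01:05:10", "10.0.0.5", THREAT_IP),
    ("2016-09-21 01:12:40", "10.0.0.5", THREAT_IP),
    ("2016-09-21 01:20:00", "10.0.0.9", THREAT_IP),
    ("2016-09-21 01:21:30", THREAT_IP, "10.0.0.9"),
    ("2016-09-21 09:00:00", THREAT_IP, "10.0.0.12"),
    ("2016-09-21 14:30:00", "10.0.0.5", THREAT_IP),
    ("2016-09-21 14:45:00", "10.0.0.20", THREAT_IP),
    ("2016-09-21 18:00:00", "10.0.0.30", "10.0.0.31"),  # unrelated to the threat
]

def impact(flows, threat_ip):
    """Count peers that only connect in, are only connected to, or both."""
    callers, callees = set(), set()
    for _, src, dst in flows:
        if dst == threat_ip:
            callers.add(src)   # inbound: peer -> threat IP
        elif src == threat_ip:
            callees.add(dst)   # outbound: threat IP -> peer
    twoway = callers & callees
    return {"inbound": len(callers - twoway),
            "outbound": len(callees - twoway),
            "twoway": len(twoway)}

def inbound_clusters(flows, threat_ip, gap_minutes=30):
    """Group inbound connections whose start times are within gap_minutes."""
    times = sorted(datetime.strptime(t, FMT) for t, _, dst in flows if dst == threat_ip)
    clusters = []  # each entry: [first_seen, last_seen, connection_count]
    for ts in times:
        if clusters and (ts - clusters[-1][1]).total_seconds() <= gap_minutes * 60:
            clusters[-1][1] = ts
            clusters[-1][2] += 1
        else:
            clusters.append([ts, ts, 1])
    return [(a.strftime("%H:%M"), b.strftime("%H:%M"), n) for a, b, n in clusters]

if __name__ == "__main__":
    print(impact(FLOWS, THREAT_IP))
    print(inbound_clusters(FLOWS, THREAT_IP))
```

A large gap between what such a hand count shows and what the storyboard displays for the same IP and day is a cue to recheck which connections were selected during Threat Investigation.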

Input files

threats.csv
threat-dendro-${id}.json
stats-${id}.json
globe-${id}.json
sbdet-${id}.tsv  