Current ThreatQ Version Filter
 

Indicator Analytics Dashboard

The Indicator Analytics dashboard provides an insight into what Indicators have been added to the system within the last 15 days, as well as an overview of how many indicators fall under each indicator type.

Recently Created Indicators Histogram

The histogram is organized by date. Daily indicator totals are at the top of each column. Each bar is broken down into colors, one for each indicator type.

Recently Created Indicators

The following functions are available:

Function Details

Viewing the number of indicators created each day by type

 Hover over a colored section to view a popup showing how many attempts of a particular type (for example, MD5, SHA-1, SHA-256) were made on that date.

Recently Created Indicators

Zooming in for a closer view
  1. Drag your mouse over a section of the histogram, and your view will be magnified.

    Histogram
    Histogram Zoom
  2. Click Reset Zoom to return to the full histogram.

Printing the histogram or downloading it as a PNG, JPEG, PDF, or SVG file

 Click the hamburger menu hamburger icon, and select the desired option.
Most Recent 100 Indicators

The Most Recent 100 Indicators list displays the 100 most recently reported Indicators.

Most Recent 100 Indicators

The following functions are available:

Function Details
Sort the Table Click on the different table headings to sort that table by that column.
Search and Filter Table Results Click on one of the search boxes at the top of the columns and enter a keyword to filter the results.

You can use the supplied dropdown selections for the Status and Type columns to filter by system-available values.
Modify the Number of Rows Displayed Click on the Row Count icon located to the top-right of the chart and select a new display count from the dropdown.
Access the Indicator Details Page for a Specific Indicator Click on the specific Indicator to review to open the Indicator's Details page.
Attributes Table

The attributes list on the left side displays attributes related to Indicators in your system.

Attributes Table

The following functions are available:

Function Details
Change the Number of Entries Displayed in the Table Click the Row Count icon located to the top-right of the chart and select a new display count from the dropdown.
Search/Filter Attributes and Values Click within the search box at the top of the column, and enter your search criteria.
View More Information About a Selected Attribute
  1. Click on an attribute row in the table to view additional information in the right pane.

    If there are multiple attributes with the same number of indicators, the pie chart key and the table below the pie chart may list attributes in a different order since the key and table use different sorting methods.

    Attributes Circle
  2. Hover the mouse over different portions of the pie chart to reveal the segment's value.
  3. Click on an Attribute Value in the summary table below the pie chart to open the Advanced Search page with those attribute values applied.
Recent Sources

The Recent Sources Scatter plot displays how many indicators were provided by a given source each day within a specified time frame.
Recent Sources

The following functions are available:

Function Details
View the Date and Number of Indicators from a Given Source
  1. Hover the mouse over one of the scatter plot circles to view a popup with the Source, Date, Time and Number of Indicators.
    Recent Sources hover
  2. Click on the one of the scatter plot circles to open the Advanced Search page with the specific filter settings used for that selection.
Adjust the Date Range of the Information Displayed

The default date range is 30 days.

  1. Click the date range icon located to the top-right of the chart and use the dropdown menu select the desired range.

    You can select from:

    • Last 24 Hours
    • Last 7 Days
    • Last 30 Days
    • Last Year
    • User-set custom range
Hide Values from the Scatterplot
  1. Click on a source in the legend under the scatter plot to hide it.

    The Source will be removed from the scatter plot and the source in the legend appear grayed out.

  2. Click on the source again to add it back to the scatter plot.
Attack Phases

Attack Phases are the ways an indicator might be used and are listed as indicator attributes. The Attack Phases pie chart displays the number of indicators that fall under each attack phase.
Attack Phases

The following functions are available:

Function Details
View the Number of Indicators for an Attack Phase
  1. Hover the mouse over a portion of the pie chart to view a popup the Attack Phase and number of indicators associated with it.
  2. Clicking on a pie chart section will open the Advanced Search page with the specific filter settings used for that selection.
Adjust the Date Range for the Information Displayed

The default Date Range is 30 days.

  1. Click the date range icon located to the top-right of the chart and use the dropdown menu select the desired range.

    Users can select from:

    • Last 24 Hours
    • Last 7 Days
    • Last 30 Days
    • Last Year
    • User-set custom range
Hide a Values from the Pie Chart
  1. Click on a Attack Phase in the legend to the left of the pie chart to hide it.

    The Attack Phase will be removed from the pie chart and the source in the legend appear greyed out.

  2. Click on the Attack Phase again to add it back to the pie chart.