View Dashboards

The Cyware Intel Exchange (CTIX) app provides dashboards to graphically display the indicators ingested into Splunk. These dashboards help users analyze indicator trends, distribution across different indicator types, and correlations between Intel Exchange indicators and Splunk event data.

The Indicator Overview dashboard provides a summary of indicators ingested from Intel Exchange. It helps users monitor indicator trends, distribution by type and source, and relationships with other threat intelligence objects. Click Indicator Overview to view the dashboard.

The dashboard includes the following widgets:

  • Total Indicators: Displays the total count of all indicators collected from Intel Exchange across all indicator types.

  • Total Matched Indicators Count: Displays the total count of indicators that have been matched against Splunk events.

  • Indicators: Last 24 hours: Displays the total count of new indicators created in the last 24 hours across all indicator types collected from Intel Exchange.

  • Indicators: Last 7 days: Displays the total count of new indicators created in the last seven days across all indicator types collected from Intel Exchange.

  • Indicators: Last 30 days: Displays the total count of new indicators created in the last 30 days across all indicator types collected from Intel Exchange.

  • Allowed Indicators Count: Displays the total count of indicators that have been added to the allowlist.

  • Deprecated Indicators Count: Displays the total count of indicators that have been marked as deprecated.

  • False Positive Indicators Count: Displays the total count of indicators that have been marked as false positives.

  • Revoked Indicators Count: Displays the total count of indicators that have been revoked.

  • Marked for Review Indicators Count: Displays the total count of indicators that have been marked for review.

  • Actioned Indicators Count: Displays the total count of indicators that have been actioned.

  • Timeline Distribution of Indicators: Displays the timeline distribution of indicators created over time.

  • Top 10 Indicators Distribution by Source: Displays the distribution of indicators by their source systems.

  • Source based Timeline Chart: Displays the timeline distribution of indicators by source over time.

  • IOC Type based Timeline Chart: Displays the timeline distribution of indicators by IOC type over time.

  • Indicators Distribution by IOC Type: Displays the distribution of indicators by their type, such as File, URL, Domain, and more.

  • Indicators Distribution by Risk Score: Displays the distribution of indicators based on risk score.

  • Indicators Distribution by Top 10 Tags: Displays the distribution of indicators based on the top 10 most common tags.

  • Indicators Count by Geo Location (Country): Displays the geographic distribution of indicators by country.

  • Indicators with Relations: Displays the count of indicators that have associated relations, such as threat actors, malware, or campaigns.

  • Indicators with Threat Actors: Displays the count of indicators that are associated with threat actors.

  • Top 10 Indicators Distribution by Threat Actors: Displays the distribution of indicators by the top 10 threat actors.

  • Indicators by Threat Actors: Displays a detailed list of indicators grouped by threat actors.

  • Indicators with Attack Patterns: Displays the count of indicators that are associated with attack patterns.

  • Top 10 Indicators Distribution by Attack Patterns: Displays the distribution of indicators by the top 10 attack patterns.

  • Indicators by Attack Patterns: Displays a detailed list of indicators grouped by attack patterns.

  • Indicators with Malware: Displays the count of indicators that are associated with malware.

  • Top 10 Indicators Distribution by Malware: Displays the distribution of indicators by the top 10 malware families.

  • Indicators by Malware: Displays a detailed list of indicators grouped by malware families.

  • Indicators with Campaigns: Displays the count of indicators that are associated with campaigns.

  • Top 10 Indicators Distribution by Campaigns: Displays the distribution of indicators by the top 10 threat campaigns.

  • Indicators by Campaigns: Displays a detailed list of indicators grouped by threat campaigns.

  • Indicators with Tools: Displays the count of indicators that are associated with tools.

  • Top 10 Indicators Distribution by Tools: Displays the distribution of indicators by the top 10 attack tools.

  • Indicators by Tools: Displays a detailed list of indicators grouped by attack tools.

  • Indicators with Custom Attributes: Displays the count of indicators that contain custom attributes.

  • Top 10 Indicators with Custom Attributes by IOC Types: Displays the distribution of indicators with custom attributes by IOC type.

  • List of Indicators with Custom Attributes: Lists indicators that contain custom attributes.

  • Indicators with Enrichment Data: Displays the count of indicators that contain enrichment data.

  • Top 10 Indicators with Enrichment Data by IOC Type: Displays the distribution of indicators with enrichment data by IOC type.

  • List of Indicators with Enrichment Data: Displays a detailed list of indicators with enrichment data.

  • Indicators with Vulnerabilities: Displays the count of indicators that are associated with vulnerability reports.

  • Top 10 Indicators Distribution by Vulnerabilities: Displays the distribution of indicators by the top 10 vulnerability reports.

  • Indicators by Vulnerability Reports: Displays a detailed list of indicators grouped by vulnerability reports.

The Correlation Overview dashboard displays information about matched indicators that have been found in the Splunk indices. It provides visibility into indicators from Cyware CTIX that have been correlated with data in your Splunk environment, helping you identify active threats and take appropriate actions. Click Correlation Overview to view the dashboard.

The dashboard includes the following widgets:

  • Total Matched Indicators: Displays the total count of all matched indicators across all indicator types.

  • Matched Indicators: Last 24 hours: Displays the total count of indicators matched in the last 24 hours.

  • Matched Indicators: Last 7 days: Displays the total count of indicators matched in the last seven days.

  • Matched Indicators: Last 30 days: Displays the total count of indicators matched in the last 30 days.

  • Allowed Matched Indicators Count: Displays the count of matched indicators that have been added to the allowlist.

  • Deprecated Matched Indicators Count: Displays the count of matched indicators that have been marked as deprecated.

  • False Positive Matched Indicators Count: Displays the count of matched indicators that have been marked as false positives.

  • Revoked Matched Indicators Count: Displays the count of matched indicators that have been revoked.

  • Marked for Review Matched Indicators Count: Displays the count of matched indicators that have been marked for review.

  • Actioned Matched Indicators Count: Displays the count of matched indicators that have been actioned.

  • Timeline Distribution of Matched Indicators: Displays the timeline distribution of matched indicators over time.

  • Top 10 Matched Indicators Distribution by Source: Displays the distribution of matched indicators by their source systems.

  • Matched Indicators Distribution by IOC Type: Displays the distribution of matched indicators by their type.

  • Matched Indicators Distribution by Risk Score: Displays the distribution of matched indicators based on risk score.

  • Matched Indicators Count by Geo Location (Country): Displays the geographic distribution of matched indicators by country.

  • Matched Indicators Distribution by Top 10 Tags: Displays the distribution of matched indicators by the top 10 most common tags.

  • Matched Indicators with Threat Actors: Displays the count of matched indicators associated with threat actors.

  • Top 10 Matched Indicators Distribution by Threat Actors: Displays the distribution of matched indicators by the top 10 threat actors.

  • Matched Indicators by Threat Actors: Lists detailed matched indicators grouped by threat actors.

  • Matched Indicators with Malware: Displays the count of matched indicators associated with malware families.

  • Top 10 Matched Indicators Distribution by Malware: Displays the distribution of matched indicators by the top 10 malware families.

  • Matched Indicators by Malware: Lists detailed matched indicators grouped by malware families.

  • Matched Indicators with Vulnerabilities: Displays the count of matched indicators associated with vulnerability reports.

  • Top 10 Matched Indicators Distribution by Vulnerabilities: Displays the distribution of matched indicators by the top 10 vulnerability reports.

  • Matched Indicators by Vulnerability Reports: Lists detailed matched indicators grouped by vulnerability reports.

  • Matched Indicators with Attack Patterns: Displays the count of matched indicators associated with attack patterns.

  • Top 10 Matched Indicators Distribution by Attack Patterns: Displays the distribution of matched indicators by the top 10 attack patterns.

  • Matched Indicators by Attack Patterns: Lists detailed matched indicators grouped by attack patterns.

  • Matched Indicators with Campaigns: Displays the count of matched indicators associated with threat campaigns.

  • Top 10 Matched Indicators Distribution by Campaigns: Displays the distribution of matched indicators by the top 10 threat campaigns.

  • Matched Indicators by Campaigns: Lists detailed matched indicators grouped by threat campaigns.