Skip to main content

Cyware Fusion and Threat Response

Connect the Dots

The connect the dots feature enables security analysts to draw contextual intelligence on complex threat campaigns, identify potential attacker trajectories, and establish hidden threat patterns by uncovering correlations between isolated threats and incidents. Using Connect the Dots, you can connect various types of CFTR modules that are related to a module. You can add connections from the module overview and the Connect the Dots tab.

Add Connections from Module Overview

To add connections from the module overview, do the following:

  1. On the module details, on the top-right, click Show Overview and go to the Connect the Dots.

  2. Click Connect More.

  3. Select a module. The modules that are available to connect are displayed under the following sections:

    • Suggested Component: Displays the list of modules that are suggested by CFTR using the ML algorithm.

    • All Component: Displays all the modules that are available on CFTR.

  4. (Optional) Use the search bar to search for a specific module or filter the list of modules using the predefined set of filters.

  5. Select the modules that you want to connect.

  6. Click Save.

Add Connections from Connect the Dots Tab

To add connections from the Connect the Dots tab, do the following:

  1. On the module details, go to Connect the Dots. All the existing connections appear under Connected.

  2. To connect more modules of the connected module type:

    1. Under Connected, on a module tile, click Connect Module Name. For example, to connect campaigns, on the Campaigns tile, click Connect Campaigns.

    2. Select the modules to be connected.

    3. Click Connect Module Name

  3. To connect other modules:

    1. Go to Available to Connect.

    2. On each component tile, select the records to be connected and click Connect Module Name.

Suggested Components

CFTR uses Machine Learning technology to compare the metadata of modules and calculates a similarity score. The similarity score varies from 0 to 10, where 10 is the most similar record. The Suggested section displays the list of modules based on the similarity score.

If a suggested module is not relevant, then you can mark it as irrelevant. To mark a module as irrelevant, click More and select Mark as Irrelevant.