User interface overview
To reach the Signal Analytics screen, navigate to Signal Analytics under Security from the left menu.
Upon entering the Signal Analytics module, you will see an interface designed to streamline your analysis. It consists of two primary components:
- The signals graph and
- The procedural filter panel.
The signals graph visually represents the signals as data points, allowing you to grasp the overall trends and patterns at a glance. Each data point represents a specific signal, and you can interact with the graph to zoom in, zoom out, or focus on specific time periods.
On the right side of the signals graph, you will find the filter panel. This panel provides options to filter and select signals based on various criteria, such as detection source, tactics, techniques, event types, or any of the metadata tags/specific attributes. These filtering capabilities enable you to narrow down your analysis to specific areas of interest and focus on signals that are most relevant to your objectives.
Besides acting as a filter panel, the panel on the right also highlights trends within each attribute for the data currently selected on the left. In the example shown, the trends in the Log source type attribute make it immediately clear that the majority of the signals on the left come from Office 365, followed by Azure AD, and so forth.
Navigating through signals and trends
Using the filter panel, you can refine your analysis by selecting specific signals or applying custom criteria. Once you have filtered the signals to your desired selection, the signals graph will update accordingly, displaying only the selected signals for further analysis.
The right-hand panel also recomputes its per-attribute trend counts for the filtered selection. For example, the "Log source type" attribute then shows how the selected signals are distributed across log sources, so you can quickly see which sources, such as Office 365 or Azure AD, dominate and gain a better understanding of the signal landscape.
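To make the filter-then-trend behaviour concrete, the following is an added example (not the platform's own code, and not its export schema): a handful of constructed signal records with assumed field names, a filter function that keeps only signals matching every selected criterion, and a facet counter that produces the same kind of per-attribute ranking the right-hand panel displays. Running it on an exported signal set lets you reproduce the panel's counts offline, which is a useful sanity check when the numbers look surprising.

```python
from collections import Counter

# Constructed sample signals for illustration only. The field names
# (log_source_type, detection_source, tactic, technique) are assumptions,
# not the platform's actual export format.
SIGNALS = [
    {"id": 1, "log_source_type": "Office 365", "detection_source": "Rule", "tactic": "Initial Access",    "technique": "T1566"},
    {"id": 2, "log_source_type": "Office 365", "detection_source": "Rule", "tactic": "Credential Access", "technique": "T1110"},
    {"id": 3, "log_source_type": "Azure AD",   "detection_source": "Rule", "tactic": "Credential Access", "technique": "T1110"},
    {"id": 4, "log_source_type": "Azure AD",   "detection_source": "ML",   "tactic": "Persistence",       "technique": "T1098"},
    {"id": 5, "log_source_type": "Office 365", "detection_source": "ML",   "tactic": "Credential Access", "technique": "T1110"},
    {"id": 6, "log_source_type": "Windows",    "detection_source": "Rule", "tactic": "Execution",         "technique": "T1059"},
]

# Attributes the panel facets on (detection source, tactics, techniques, log source type).
FACETS = ("log_source_type", "detection_source", "tactic", "technique")


def apply_filters(signals, filters):
    """Keep only signals that satisfy every filter.

    `filters` maps an attribute name to the set of allowed values, e.g.
    {"tactic": {"Credential Access"}, "log_source_type": {"Azure AD", "Office 365"}}.
    A signal missing a filtered attribute never matches.
    """
    return [
        s for s in signals
        if all(s.get(attr) in allowed for attr, allowed in filters.items())
    ]


def facet_trends(signals, facets=FACETS):
    """Per-attribute value counts, most common first.

    This is the "trend" view: for each attribute, how the selected signals
    are distributed across its values. Signals lacking an attribute are
    counted under "(none)" so the totals always add up to len(signals).
    """
    return {
        f: Counter(s.get(f, "(none)") for s in signals).most_common()
        for f in facets
    }


if __name__ == "__main__":
    # Unfiltered view: Office 365 dominates the log source type facet.
    for attr, counts in facet_trends(SIGNALS).items():
        print(attr, counts)
    # Narrow to one tactic and watch the other facets shrink accordingly.
    cred = apply_filters(SIGNALS, {"tactic": {"Credential Access"}})
    print("credential access signals:", [s["id"] for s in cred])
    print(facet_trends(cred)["log_source_type"])
```

Counts are taken from the filtered list, not the full set, which is exactly why the panel's numbers change every time you adjust a selection.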
These advanced filtering and trend analysis capabilities empower you to extract deeper insights from your signals and make more informed decisions. In the next section, we will explore the techniques and tools available for analyzing signals within the Resolution Intelligence platform.
Applying Machine Learning Models
The Signal analytics module offers a range of built-in machine-learning models that can be applied to the selected signals. These models enable you to uncover hidden trends, correlations, and anomalies that may not be readily apparent through manual analysis. For example, clustering models can identify groups or clusters of similar signals, while time series analysis models can reveal patterns over time. By leveraging these machine learning models, you can gain valuable insights into the behavior of threats and identify emerging risks.
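The page does not say which models the module uses, so the following is an added illustration of what a time series analysis over signals can surface, not the platform's own method: daily signal counts are built from constructed timestamps, and each day is scored with a robust z-score (median and median absolute deviation, with the usual 1.4826 scaling to approximate a standard deviation) so that a single spike cannot inflate the baseline it is measured against. The 3.5 threshold and the MAD approach are assumptions chosen for the example.

```python
from collections import Counter
from datetime import date, timedelta
from statistics import median

# Constructed signal timestamps, one entry per signal, for illustration only.
# Six quiet days of 3-5 signals, then a burst of 27 on the seventh day.
SIGNAL_DATES = (
    [date(2024, 1, 1)] * 4 + [date(2024, 1, 2)] * 5 + [date(2024, 1, 3)] * 3
    + [date(2024, 1, 4)] * 4 + [date(2024, 1, 5)] * 5 + [date(2024, 1, 6)] * 4
    + [date(2024, 1, 7)] * 27
)


def daily_counts(dates):
    """Signals per calendar day, with gap days filled in as 0."""
    if not dates:
        return {}
    counts = Counter(dates)
    day, last = min(dates), max(dates)
    series = {}
    while day <= last:
        series[day] = counts.get(day, 0)
        day += timedelta(days=1)
    return series


def robust_z(series):
    """Robust z-score per day: (count - median) / (1.4826 * MAD).

    Median and MAD are used instead of mean and standard deviation so the
    outlier being hunted does not distort its own baseline. If every day is
    identical (MAD == 0) the scale falls back to 1 to avoid dividing by zero.
    """
    values = list(series.values())
    med = median(values)
    mad = median(abs(v - med) for v in values)
    scale = 1.4826 * mad if mad else 1.0
    return {day: (v - med) / scale for day, v in series.items()}


def anomalous_days(dates, threshold=3.5):
    """Days whose signal volume sits more than `threshold` robust sigmas above the median."""
    scores = robust_z(daily_counts(dates))
    return sorted(day for day, z in scores.items() if z > threshold)


if __name__ == "__main__":
    for day, z in robust_z(daily_counts(SIGNAL_DATES)).items():
        print(day, round(z, 2))
    print("anomalous:", anomalous_days(SIGNAL_DATES))
```

With the sample data the seven-day median is 4 and the MAD is 1, so the 27-signal day scores about 15.5 and is the only day flagged; a mean-and-standard-deviation baseline would have been pulled upward by that same spike.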
Analysis based on MITRE framework
Another powerful feature of the Signal analytics module is the ability to analyze signals based on the MITRE framework. By aligning signals with the MITRE ATT&CK® framework, you can identify specific tactics, techniques, and procedures employed by threat actors. This analysis provides a deeper understanding of the threats and enables you to better prioritize your response and mitigation efforts.