Search Bar
The search bar allows you to quickly find specific signals based on various attributes such as signal type, severity, source (Google Chronicle, ASE), and time. Simply enter the desired signal attribute and press Enter to filter the results.
Note: Advanced Search enables you to filter signals using any signal attribute for more precise results.
Performing and saving signal analysis
Use this procedure to perform and save an analysis after adding the required dimensions and values in the desired view.
Steps to Start an Analysis:
- Navigate to Security → Signal Analytics to open the Signal Analytics page.
- Select a date range. Only signals received in Resolution Intelligence Cloud within that time frame are included in the analysis.
- Choose a view format to display the signals. Possible options:
  - Time-Series Analysis – View the number of signals generated daily, weekly, monthly, quarterly, or yearly across different entities.
  - MITRE View – Analyze signals mapped to different phases of the MITRE ATT&CK framework to understand attacker behavior.
  - List View – Display a detailed list of signals generated for the selected dimension(s).
- Click Start Analysis to navigate to the insights page. This will display data in the selected view.
- Click Save Analysis to save your findings in the desired format.
- If needed, use the Notes option to add further details about your analysis.
- All saved analyses are accessible in the Analysis Hub.
Viewing Saved Analyses
To view analyses saved by different users within a tenant:
- Navigate to Security → Signal Analytics to open the Signal Analytics page.
- Review the list of saved analyses under the Analysis Hub section. Each entry shows:
  - Analysis Name – The name given to the analysis.
  - Created By – The user who created the analysis.
  - Modified By – The user who last updated the analysis.
- Click on any analysis to revisit and explore it further.
Explore Instantly with Predefined Views
Jump right into exploration: Skip the initial search with pre-built views located below the search bar. These views offer essential signal sets tailored to common analysis needs, helping you get started quickly.
Time Series Analysis
See beyond the static: Uncover hidden insights by juxtaposing signals across time. This feature reveals trends, patterns, and potential threats that might not be evident in standalone observations.
Analysis by MITRE ATT&CK® framework
Unmask the attacker's playbook: Gain deeper insights into attacker behavior by aligning signals with the MITRE ATT&CK® framework. This view reveals the specific tactics, techniques, and procedures (TTPs) utilized, empowering you to make informed decisions regarding your security posture.
Enhanced List View
Gain complete situational awareness: Get a comprehensive overview of triggered signals with the clear and concise list format. This view allows for efficient threat response and analysis by enabling easy identification and prioritization of critical signals.