This article explains the multiple dashboards available under the dashboard tab of an attack surface exposure module.
The dashboard shows widgets covering the risk scores associated with each threat, the discovery of risky assets, services exposed to digital attacks, and risks detected from different sources: AWS, Amazon, Google Cloud, and others.
Risk Score Widget along with Line chart
The overall risk score denotes the cumulative score of all risks posed by threats over a period of one month, as shown below. A higher score prompts the support team to drill down and analyze the individual threats in order to mitigate the risk.
Line Charts across Threat Categories
Resolution Intelligence Cloud categorizes all threats into 4 different categories, and the charts show their respective risk scores over a period of one month. Hover your mouse over a line to see the risk score and the severity level of a threat.
Highly Impacted Signals
The table lists all signals generated from the different sources with a risk score greater than 85. These are highly impacted, risky signals that require special attention from the security team to mitigate the damage.
The components of the table are:
- Signal ID - Identification number of each signal
- Created On - Date and time on which the signal was generated
- Severity - A state of a signal
- Category - Type to which a signal belongs
- Risk Rule - Type of rule that applied to each signal
- Risk Score - Score of each signal, denoting the potential damage impacting an asset
To drill down into the details of a signal, click on the Signal ID. A popup appears on the screen where you can view the summary of the signal; the types of risk rules applied to the signal; the impacted entities, such as IP address, ports, service types and devices; and the recommendations suggested by Netenrich to suppress/close the signal without following complex procedures.
Resolution Intelligence Cloud lets you close a signal that is in the open state by analyzing the score of the signal.
To update the signal state to Closed:
- Click on the Signal ID. A popup appears on the screen.
- Scroll down and click on Update Signal Status.
- Select status from the dropdown list (Closed/Open)
- Choose the appropriate option for Close Reason
- Enter Comments
- Click Update
Discovery of digital assets
The leaderboard widget displays the total number of digital assets discovered and, out of those, the total number of risky assets identified. The column chart displays the number of risk-free and risky assets discovered on the Y-axis, spread across the different categories displayed on the X-axis, over a period of time.
IP by Hosting Provider
The leaderboard displays the total number of assets associated with their respective IPs for all providers. The bar chart displays the number of assets associated with their respective IPs on the X-axis and the different hosting providers on the Y-axis. Each bar represents the number of assets associated with IPs generated per host.
Exposed Services
The leaderboard displays the cumulative number of compromised services due to external threats. The bar chart displays the number of exposed services on the X-axis and the names of services on the Y-axis.
Risks Discovered
The leaderboard displays the total number of risks discovered across different categories. The bar chart shows the number of risks found on the X-axis and the severity level on the Y-axis. The corresponding line chart displays the number of risks found for each severity level per day of the month.
Open Risks by Category
The bar chart displays the number of risky signals that are open to investigation on the X-axis and their respective categories on the Y-axis.
Signals closed by Reason
The pie chart displays the signals closed automatically by interpreting different rules and other reasons in their respective percentages. The corresponding bar chart shows the number of signals closed on the X-axis and each reason on the Y-axis.
Risky signals Open vs Closed
The column chart displays the total number of signals that are open to investigation versus the total number of signals closed due to any one of these reasons (Auto closed, Acknowledged, Risk Accepted, Resolved, False Positive, and without any reasons).