This article discusses how to use the Stories Overview dashboard to get a quick overview of the Detection & Remediation stories and risk analysis in your network.
The Stories Overview dashboard lets you see at a glance the potential threats to your network detected by the Cato Detection & Remediation security layer. You can also drill-down and analyze the traffic in the Stories Workbench screen. The dashboard contains a number of widgets that provide visibility and analytics, including:
-
Highest risk stories
-
Potentially risky hosts and sites in your network
-
Most common indicators of attack (IoA) among detected stories
-
Most common MITRE ATT&CK® framework techniques and risk types among stories in your network
-
Breakdown of stories by risk level
You can use the widgets in this dashboard to drill-down and see the data automatically filtered in the Stories Workbench screen.
Cato's risk scores help you assess the potential threats on your network. Widgets on the Stories Overview page show risk scores for stories in your account, along with an overall Account Risk Score. These are the explanations for the risk scores:
-
Story Risk Score - Cato assigns each story a risk score from 1 (no risk) to 10 (very high risk) to help you evaluate the potential threats in your account.
To generate the risk score, Cato uses proprietary machine learning algorithms trained on past conclusions of the Cato security team. The generated risk score takes into account these previous analyst conclusions and measures the probability that a new story is malicious.
-
Account Risk Score - The overall risk score for the account ranges from 29 (no risk) to 100 (very high risk). The score is based on all the story risk scores for the selected time range, and is calculated using a formula developed by the Cato RnD team.
The Stories Overview page contains a number of widgets that present an overview of the stories and risk levels in your network.
Use the time range filter to determine the time window for the data and analytics in the dashboard. For more about the time range filter, see Setting the Time Range Filter.
This section explains the widgets that are available in the Stories Overview dashboard. The data in the page is based on the configured time range.
These are the widgets:
-
Account Risk Score - Total risk score for the account, based on an analysis of all stories during the selected time range.
-
Stories Status - Shows how many stories are pending further action by analysts or the customer, and how many have been closed.
Click any number to open the Stories Workbench screen pre-filtered for that status.
-
Counters - Number of individual sites, sources, and indicators of attack that were involved in the total number of stories.
-
Highest Risk Stories - Basic information for the top five highest-risk stories.
Click in the row of a story to analyze it in the Stories Workbench drill-down screen.
-
Top 5 Hosts - Shows a list of the top hosts with the number of stories for each one.
Click in the row of a host to open the Stories Workbench screen pre-filtered for that host.
-
Top 5 Sites - Shows a list of the top sites with the number of stories for each one.
-
Stories Breakdown by Risk - Shows the percentages of high, medium, and low risk stories among all stories. These are the criteria for the risk categories:
-
High - Stories with a risk score between 7 - 10
-
Medium - Stories with a risk score between 4 - 6
-
Low - Stories with a risk score between 1 - 3
Hover the mouse over a graph section to show the number of stories in that risk category and the percentage of the total.
Click on a risk category in the list or the graph to open the Stories Workbench pre-filtered for that risk category.
-
-
Top 5 Stories by IoA - Top indicators of attack in stories in the network, with their percentages among the top five.
Hover the mouse over a graph section to show the number of stories associated with an IoA, and the percentage among the top five.
Click on an IoA in the widget or the graph to open the Stories Workbench screen pre-filtered for that IoA.
-
Top 5 Stories by MITRE Techniques/Risk Type - Shows a list of the top MITRE ATT&CK® techniques or risk types in stories in the network, with their percentages among the top five.
To choose which data type to display, select MITRE Techniques or Risk Type from the drop-down menu.
-
Top 5 Sites by Stories Count - Geographical map that shows the locations of the sites associated with the highest number of stories.
Hover the mouse over a location on the map to show the site name, country, and number of stories.
0 comments
Please sign in to leave a comment.