Threat Intelligence monitoring

The Threat Intelligence overview provides several useful reports, as well as Really Simple Syndication (RSS) and Atom format feeds of security-related news. You can also configure a threat feed of security-related news.

Users with the sn_ti.read role or higher can use the Overview module to display threat information in the following reports.

In each chart, you can point to any part of a chart (bar, pie, data point, and so on) to view general data specific to that part, as shown. If you click any part of a report, a list opens to provide detailed information.
Sample Threat Intelligence chart

Threat Intelligence Overview reports

Name Visual Description
Observables by Type (Last 30 Days) Bar chart Count of recently seen observables grouped by observable types.
Completed Lookups by Type (Last 30 Days) Bar chart Count of completed lookups grouped by lookup types.
Indicator Attack Modes/Methods (Last Bar chart Count of attack modes/methods for each indicator. The attack mode/method counts are separated by type (for example, by Feodo and Zeus).

Threat Feed

You can define any RSS news feed or bulletins to be displayed in a scrolling feed.

Threat Feed
You can load new articles on demand by clicking the Refresh icon (). You can also select the gear icon to set the amount of time between refreshes from the list field.
Figure 1. Refresh interval
Refresh interval widget