Investigations and Indicators Dashboard
This dashboard shows information about the detected indicators, the status of the created investigations, the computers and clients most likely to suffer a cyberattack, and the hunting rules that generated most indicators on the platform.
To access the dashboard:
- In the top menu, select Dashboard. In the side panel, select Investigations and indicators. A page opens that shows the dashboard tiles.
- Select a time period for the data shown in the tiles:
  - Last 24 hours
  - Last 7 days
  - Last month
  - Last year
Open Investigations
This tile shows all the investigations that have the status In Progress. These investigations are divided into two groups: investigations opened by the user account that accessed the dashboard and investigations opened by other user accounts.
Meaning of the Data Displayed
Data | Description |
---|---|
Others | Investigations with status In Progress that have been opened by user accounts other than the one you used to access the analysis console. |
Mine | Investigations with status In Progress opened by the user account you used to access the analysis console. |
Indicators Pending Investigation
This tile shows all indicators that still require attention: indicators that have not yet been assigned to an investigation (status Pending) and indicators that are assigned to an investigation that has not yet been closed (status In Progress).
Meaning of the Data Displayed
Data | Description |
---|---|
Total | Total number of indicators with status In Progress and Pending. |
Critical | Indicators whose Severity level is 1 (Critical). |
High risk | Indicators whose Severity level is 2 (High risk). |
Medium risk | Indicators whose Severity level is 3 (Medium risk). |
Low risk | Indicators whose Severity level is 4 (Low risk). |
Top Risk Computers
This tile shows the computers where Cytomic Orion has detected the greatest risk, with the number of indicators assigned to each computer and their severity level. The list is sorted so that it first shows the computers with the most critical indicators, then those with the most high-risk indicators, then medium-risk ones, and finally low-risk ones.
Meaning of the Data Displayed
Field | Description |
---|---|
Name | ID of the computer. |
Client | ID of the client. |
Indicators | Number of indicators found, grouped by severity level. |
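The two tiles above (Indicators Pending Investigation and Top Risk Computers) are easy to misread: a computer with a single critical indicator is ranked above one with many high-risk indicators, because the sort is by critical count first, then high, then medium, then low. The following script, an added example and not Cytomic Orion code, computes both tiles from a constructed list of indicator records; it assumes the computers tile counts only Pending and In Progress indicators, as the Top Risk Clients tile does.

```python
from collections import Counter, defaultdict

# Constructed sample indicators (not real Cytomic Orion data). Severity uses the
# page's scale: 1 = Critical, 2 = High risk, 3 = Medium risk, 4 = Low risk.
INDICATORS = [
    {"computer": "WS-01", "client": "acme", "severity": 2, "status": "Pending"},
    {"computer": "WS-01", "client": "acme", "severity": 2, "status": "Pending"},
    {"computer": "WS-01", "client": "acme", "severity": 2, "status": "In Progress"},
    {"computer": "SRV-07", "client": "acme", "severity": 1, "status": "Pending"},
    {"computer": "LT-22", "client": "beta", "severity": 3, "status": "Closed"},
    {"computer": "LT-22", "client": "beta", "severity": 4, "status": "Pending"},
]

OPEN_STATUSES = {"Pending", "In Progress"}
SEVERITY_NAMES = {1: "Critical", 2: "High risk", 3: "Medium risk", 4: "Low risk"}


def pending_investigation(indicators):
    """Values of the 'Indicators Pending Investigation' tile.

    Only open indicators (Pending or In Progress) are counted; closed ones are
    dropped, then the open ones are bucketed by severity level.
    """
    open_ind = [i for i in indicators if i["status"] in OPEN_STATUSES]
    by_sev = Counter(i["severity"] for i in open_ind)
    tile = {"Total": len(open_ind)}
    tile.update({SEVERITY_NAMES[s]: by_sev.get(s, 0) for s in (1, 2, 3, 4)})
    return tile


def top_risk_computers(indicators, limit=5):
    """Rows of the 'Top Risk Computers' tile, ranked as the page describes.

    Each computer gets a vector [critical, high, medium, low]; sorting these
    vectors descending is lexicographic, so one critical indicator outranks any
    number of high-risk ones. Assumption: only open indicators count.
    """
    counts = defaultdict(lambda: [0, 0, 0, 0])
    client_of = {}
    for i in indicators:
        if i["status"] not in OPEN_STATUSES:
            continue
        counts[i["computer"]][i["severity"] - 1] += 1
        client_of[i["computer"]] = i["client"]
    ranked = sorted(counts.items(), key=lambda kv: kv[1], reverse=True)
    return [
        {"Name": name, "Client": client_of[name],
         "Indicators": dict(zip(SEVERITY_NAMES.values(), sev))}
        for name, sev in ranked[:limit]
    ]
```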
Top Risk Hunting Rules
This tile shows the hunting rules that have generated most indicators, sorted by severity level, along with the number of computers affected and the number of indicators the rules generated. The list is sorted so that it first shows the hunting rules that generated most critical indicators, then those with most high-risk indicators, then medium-risk ones, and finally low-risk ones. Within each severity level, the rules are sorted by the number of indicators generated.
Meaning of the Data Displayed
Field | Description |
---|---|
Name | ID of the hunting rule. |
Severity | Severity level associated with the hunting rule. |
Computers | Number of different computers where an indicator was generated. |
Indicators | Number of indicators generated by the hunting rule. |
Top Risk Clients
This tile appears only for MSSPs/MDR vendors who manage multiple clients.
This tile shows the clients whose computers have most Pending or In Progress indicators assigned. The list is sorted by severity level, so that it shows the clients with the greatest amount of critical indicators first, then the ones with high-risk indicators, followed by the medium-risk ones, and finally the low-risk ones.
Meaning of the Data Displayed
Field | Description |
---|---|
Name | ID of the client. |
Indicators
This tile contains a line graph that shows the number of indicators generated over time, broken down by severity level. The graph includes four data series, one for each severity level supported in Cytomic Orion.
Meaning of the Data Displayed
Data | Description |
---|---|
Critical indicators | Indicators whose Severity level is 1 (Critical). |
High risk indicators | Indicators whose Severity level is 2 (High risk). |
Medium risk indicators | Indicators whose Severity level is 3 (Medium risk). |
Low risk indicators | Indicators whose Severity level is 4 (Low risk). |