Share Blog Post
With the threat landscape becoming complex, it is imperative for security teams to be able to establish hidden patterns between seemingly disconnected threats and incidents. We understand the significance of finding latent patterns and gaining more context on an incident, therefore in our latest Cyware Fusion and Threat Response (CFTR) v2.12, we have enabled security analysts to visualize the connections between an incident and the related components and indicators. In this version, we offer Incident Visualizer that allows CFTR users to perform root cause analysis of an incident.
What are the Benefits?
With the new Incident Visualizer feature, CFTR users can now:
- add components and indicators
- expand associations
- group/ungroup the components and indicators as per their types
- change the visualization layout
- export the visualization layout in different formats.
- view Connect the Dots details for each component and indicator
- perform node analysis
All About the New Feature
The feature that was known as Network Diagram in the previous versions of CFTR has now been renamed as Incident Visualizer. Previously, the Network Diagram feature would graphically represent the Connect the Dots components and indicators but now the Incident Visualizer in CFTR 2.12 has been significantly updated with improved visualization capabilities and several other features.
Incident Visualizer is a graphical representation of the components and indicators that are added to the Connect the Dots and Indicators sections of CFTR v2.12 with many more advanced features to support security analysts’ detailed investigation. The Incident Visualizer helps security analysts visualize all the connections related to an incident, thereby enabling them to make faster and better decisions during an incident response process.
- Add Components and Indicators: In the Incident Visualizer tab, users can add components and indicators. Any component or indicator added to the Incident Visualizer is also added to the Connect the Dots or Indicators tabs.
- Group/Ungroup the Connections: Based on their types, any component and indicator can be grouped or ungrouped.
- Expand Associations: Users can expand associations to further view the individual connection details.
- Change Visualization Layout: From the two available layouts—Organic and Hierarchy—users can view and select any layout they want.
- Export Visualization Layout: Users can export the visualization layout in PNG, JPEG, and SVG formats.
- View Connect the Dots Details: In the Incident Visualizer tab, CFTR users can view Connect the Dots details for each component and indicator.
- Perform Node Analysis: It displays the summary and breakdown of all the connected components and indicators. Users can show or hide the nodes and groups.
The Bottom Line
In a nutshell, the Incident Visualizer allows security analysts to perform better, simplified, and granular analysis of an incident. This new feature will let security analysts connect the dots between different incidents and establish hidden threat patterns, placing them a step ahead in investigating an incident.
Tags
Posted on: December 24, 2021
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.
The Virtual Cyber Fusion Suite
