5.6.5. Web UI `Overview` screen

After pressing the `Overview` button on the navigation bar, the `Overview` screen is displayed.
It includes the following items:
../../_images/OVERVIEW.PNG

Item  Description
----  -----------
1     `Overview` screen: dashboard selector
2     `Overview` screen alerts list display area
3     `DETECTIONS BY ALERTE TACTICS` zone of the `Overview` screen
4     `DETECTIONS BY MITRE TACTICS` zone of the `Overview` screen
5     `ALERTS TYPE RISK RANKING` zone of the `Overview` screen


5.6.5.1. `Overview` screen: dashboard selector

../../_images/OVERVIEW_REP1.PNG

The screen displays a set of:

  • One button (4) to select the GCap(s) whose information is displayed

  • One button (5) for the period for which the information is displayed

  • Three buttons (1 to 3) to define the theme of the dashboards displayed on this page

Item  Name                  Description
----  --------------------  -----------
1     `ALERT RISK LEVEL`    Alert risk level. Defines the `ALERTS` theme for the dashboards
2     `ASSET RISK LEVEL`    Asset risk level. Defines the `ASSET` theme for the dashboards
3     `USER RISK LEVEL`     User risk level. Defines the `USER` theme for the dashboards
4     GCap selector         Selection of the GCap(s)
5     Time period selector  Selection of the display period


5.6.5.2. `Overview` screen alerts list display area

Alerts can be displayed in two ways, selected with button (4):

  • `BUBBLE RISKS` display

  • `RISK MATRIX` display

For the `ALERTS` theme, the `BUBBLE RISKS` display consists of:

../../_images/OVERVIEW_REP2.PNG

Item          Description
------------  -----------
1             Bubble zone. Each element (here an alert) is displayed as a bubble.
              Each bubble is numbered and corresponds to the list displayed next to it.
              Hovering over an element opens a window with additional information:
                - Number, not alert
                - Risk: percentage level of risk
                - Alert counter
                - MITRE alert type
2             Alert number
3             Name of the detected threat.
              Hovering over an element opens a window with the same additional information.
              Clicking on the name displays the `Alerts` screen for the selected threat, for more information.
4             Display change button (bubbles/matrix)
5             Type field: type of risk (malware...)
6 and onward  Each column corresponds to a MITRE tactic (`Execution`, `Persistence`, `Privilege Escalation`, `Defense Evasion`, `Lateral Movement`).
              Each dot indicates the category of the threat.

5.6.5.3. `DETECTIONS BY MITRE TACTICS` zone of the `Overview` screen

../../_images/OVERVIEW_REP3.PNG

The system displays, as a circular chart, the distribution of risks between the following categories:

Item  Name                    Description
----  ----------------------  -----------
1     `Lateral Movement`      Number of lateral movements
2     `Execution`             Number of threats executed
3     `Privilege Escalation`  Number of privilege escalations
4     `Defense Evasion`       Number of defense evasions
5     `Persistence`           Number of persistent threats

Note

Depending on the threat, only the categories present are displayed.

In the MITRE column, the following icons can be displayed. For each icon, the name, the description of the threat type and a link to more information are given:

  • Execution (icon: ../../_images/execution.png)
    The adversary is trying to run malicious code.
    More information: https://attack.mitre.org/versions/v10/tactics/TA0002/

  • Persistence (icon: ../../_images/persistence.png)
    The adversary is trying to maintain their foothold.
    More information: https://attack.mitre.org/versions/v10/tactics/TA0003/

  • Privilege Escalation (icon: ../../_images/privilege.png)
    The adversary is trying to gain higher-level permissions.
    More information: https://attack.mitre.org/versions/v10/tactics/TA0004/

  • Defense Evasion (icon: ../../_images/defense.png)
    The adversary is trying to avoid being detected.
    More information: https://attack.mitre.org/versions/v10/tactics/TA0005/

  • Lateral Movement (icon: ../../_images/lateral.png)
    The adversary is trying to move through your environment.
    More information: https://attack.mitre.org/versions/v10/techniques/T1210/



5.6.5.4. `DETECTIONS BY ALERTE TACTICS` zone of the `Overview` screen

../../_images/OVERVIEW_REP4.PNG

The system displays, as a circular chart, the breakdown of risks between the following categories:

Item  Name          Description
----  ------------  -----------
1     `Powershell`  Number of PowerShell detections
2     `Malware`     Number of shellcodes detected
3     `IDS`         Number of malware detected
4     `shellcode`   Number of IDS detections


5.6.5.5. `ALERTS TYPE RISK RANKING` zone of the `Overview` screen

The system displays the risks:

  • Grouped by type of alert

  • Sorted by decreasing risk level

Each bar of the graph indicates the risk percentage and the type of alert.
When hovering the cursor over a bar, the system displays:

  • The type of alert

  • The percentage of risk

  • The number of alerts

By clicking on the bar, the system displays the information defined in the `Alerts` screen for the selected risk type.
In the example below, the window displays the following information:
../../_images/OVERVIEW_REP5.PNG

Item  Name                                Description
----  ----------------------------------  -----------
1     Percentage for this type of alert   Indicates the probability that this suspected risk is real
2     Alert type                          Alert type (`Malware`, `IDS`, `shellcode`)