5.6.2. Web UI `Top risk` screen

After pressing one of the `Main` buttons and then the `Top risks` button, the following screen is displayed.

[Figure: screenshot of the screen, GCE103_TOP-RISK_1.PNG]

This screen includes the following:

| Item | Zone | Displays |
|------|------|----------|
| 1 | `RISK TIMELINE` zone | Alarm timing and risk levels |
| 2 | `ASSETS` zone | List of found active equipment |
| 3 | `ASSETS RISK` zone | Representation of the number of alerts filtered by active equipment |
| 4 | `STATS` zone | Statistics on detected threats |
| 5 | `Filter by GCap` and Calendar fields | Selection of the GCap and time range used to filter the information |
| 6 | `USERS RISK` zone | Representation of the number of alerts filtered by active users |


5.6.2.1. `RISK TIMELINE` zone

The `RISK TIMELINE` zone shows the sequence of alarms and their risk levels:

  • Horizontal axis: date and time of threat occurrence

  • Vertical axis: risk level

  • Each threat is placed on the graph, its size indicating the number of alerts.
    Hovering over the threat displays the following:

      • Hostname

      • IP

      • Risk

      • Alert count

      • Date

      • MITRE threat type


5.6.2.2. `ASSETS` zone

The `ASSETS` zone displays the list of active equipment found in the detected threats.
Clicking an item of equipment opens the `Assets` window for that equipment.

5.6.2.3. `ASSETS RISK` zone

The `ASSETS RISK` zone displays the number of alerts for each item of active equipment as a bubble.
The size of the bubble depends on the number of alerts on that equipment.
Clicking an item of equipment opens the detailed `Assets` window for that equipment.

5.6.2.4. `STATS` zone

The `STATS` zone displays the following counters:

  • `Hostnames`

  • `@mac`

  • `Users`

  • `OS`

  • MITRE counters:

      • `Execution`

      • `Persistence`

      • `Privilege Escalation`

      • `Defense Evasion`

      • `Lateral Movement`

Clicking a counter displays a detailed list of the corresponding risks (Alerts screen).


5.6.2.5. `USERS RISK` zone

The `USERS RISK` zone displays the number of alerts for active users as bubbles.