Wednesday, January 31, 2018

The new face of Threat Grid for 2018

Threat Grid’s engineering team is always working on improvements to our leading malware analysis and threat intelligence platform. In the latter part of 2017 and into early 2018, the team has been working on improvements to the UI and workflow, making sure that customers can get to the specific information they are looking for as quickly as possible. This has led to a rapid release of multiple interface improvements recently. In this blog, I’ll summarize the highlights and link you to a more in-depth video about them.

To start with, the entire product is moving towards a unified look and feel with the rest of Cisco’s Advanced Threat Solutions. If you’re a customer of multiple products, you will develop familiarity with a unified set of icons, design elements, ergonomics and workflow that will help you navigate multiple platform interfaces more quickly and intuitively.

Secondly, the dashboard, the entry point of the UI, has gotten a major facelift. Below you can see the new design.

This revamp provides a set of easy-to-use controls to select the data that will be represented in the dashboard; users can choose between seeing only their own submissions or all submissions from their organization, and can pick from several convenient preset time periods.

Below that is a simple ribbon of high level statistics, to easily check in on the general “health” of the user’s or organization’s Threat Grid usage.

Below that is a ribbon showing thumbnails of all recent dynamic analysis consoles. This is an incredibly quick way to check in on the status and results of recent submissions. Hovering the mouse over any of them produces a popup with a larger, zoomed in view.

The rest of the dashboard is, as before, composed of graphs and charts showing various aspects of your usage of the platform. These can be configured, and, like the data selection tools at the top, your settings will be automatically saved for the next time you log in. New capabilities here include being able to see what the submission sources were for your samples (Meraki, portal user, Firepower devices, etc.) and the breakdown of submitted file types.

An improvement that doesn’t get communicated well in the still image above is the performance boost the UI has gotten. The dashboard is now much more responsive, having benefited from several foundational improvements that increase the speed at which query results are returned.

Something that at first glance appears to be missing from the dashboard is the longer and more detailed listing of recent samples you might be used to. This brings us to the third of our improvements for this article: the all-new sample manager.

The sample manager is now a more powerful tool with its own page in the UI. Click on ‘Samples’ in the upper left navigation bar to get to it.

The left pane is a powerful set of filtering features, including the ability to perform many of the searches previously (and still) available via the advanced search feature. Additionally, you can filter by time period (including the option to set a custom date/time window), sample ownership, sample threat score, and sample source. Again, all these options will be saved for you the next time you log in. A feature I’m particularly fond of in the filter pane is an option at the very top, to display the API call that would be required to set the same filters in an automated search.

The right pane is the content and results area, in which you see all the samples that meet the criteria you set in the left pane. Each sample’s row has its name, hash, score, a small icon that is densely packed with information about the behavior indicators that were triggered in the course of the analysis, and other useful information. Additionally, directly from this page you can take several actions either on individual samples or on an entire set at once (via the checkboxes at the left of the rows). You can download any or all of the analysis data, view or save the runtime video, change the privacy options, and more.

With these changes, you will find Threat Grid to be a more intuitive, faster and easier-to-use tool. You can quickly sift through large amounts of information for specific details, or easily view the set as a whole with insight into trends and breakouts. You and your staff can spend more time working, and less time getting to where the work is done.

In late 2017, as the first of these changes were rolled out, I made a short video going into more detail on the new features and layout. While parts of it are already out of date given the rapid release cycle I mentioned, it is still a good walkthrough of the changes – watch it here for more information:

from Cisco Blog » Security http://ift.tt/2GxyaWe
