Insights

Overview

Insights is a dashboard of key hunting metrics for your organization. The current Insights give you visibility into the volume of signals in your environment and how that volume changes, to inspire new hunts. In addition to metrics, the Insights page lists the most recent Detection Rules and File Creation anomaly events. The Detection Rule list shows how Nebulock is enabling coverage on emerging threats, while the File Creation anomalies identify potential insider activity on hosts.

Insights Summary

The Insights summary provides a high-level view of the status and usage of the platform. The figures in this section depend on the selected time range, which can be adjusted using the drop-down picker at the top right of the page. The default view is the past 90 days, with the option to change to the past 30 days.

  • Signals: The total number of signals generated by detection rules in the platform.
  • Vibe Hunts: The total number of vibe hunts executed in your Nebulock platform across all users.
  • Findings: The total number of Findings created from signals by the Nebulock platform.
  • Active Detection Rules: The total number of deployed detection rules, both customer created and Nebulock created, in the platform.

Activity Overview

The Activity Overview graph breaks the above data points down further, showing a daily tally of each category. Users can see their vibe hunts created over time, as well as how frequently rules are deployed or findings are generated from signals within their environment. Note: This section is also impacted by the date picker.

Signals Volume

The Signals Volume graph enables Nebulock users to quickly identify unexpected issues, like a sudden drop or spike in Signals that might indicate a data issue or a recently deployed rule that is too noisy. Note: This section is also impacted by the date picker.

Latest Nebulock Detection Rules

This section displays a list of detection rules created by the Nebulock Detection Engineering team. Each rule contains the corresponding MITRE ATT&CK ID by T-number, as well as a brief title describing what behavior(s) the rule will identify. This list allows you to understand current detection coverage provided by the Nebulock team and focus on hunting new and emerging threats.

Recent File Creation Anomalies

File anomaly detection monitors how many files are being created on each endpoint over time. Nebulock establishes a normal baseline for this activity and continuously compares current behavior against that baseline. If a sudden spike is significantly higher than what’s typical for that system, it will show up here as anomalous.
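
As an added illustration (not Nebulock's code or its actual algorithm), the sketch below shows one common way to build a per-endpoint baseline and flag spikes: a trailing-window median with a MAD-based spread. The window size, thresholds, host names and counts are all constructed assumptions.

```python
from statistics import median

MIN_HISTORY = 7      # assumed: days of history needed before judging a host
THRESHOLD = 6.0      # assumed: robust score above which a day is anomalous
MAD_SCALE = 1.4826   # scales MAD so it is comparable to a standard deviation

def robust_score(history, current):
    """Return how far `current` sits above the host's own baseline, in robust
    standard deviations, or None when there is too little history."""
    if len(history) < MIN_HISTORY:
        return None
    base = median(history)
    mad = median(abs(x - base) for x in history)
    # A perfectly flat baseline gives MAD == 0; use a floor so a one-file
    # change on a quiet host does not produce an unbounded score.
    spread = max(MAD_SCALE * mad, 0.1 * base, 1.0)
    return (current - base) / spread

def find_anomalies(counts_by_host, window=14):
    """counts_by_host: {host: [daily file-creation counts, oldest first]}.
    Each day is compared against that host's preceding `window` days only."""
    hits = []
    for host, counts in counts_by_host.items():
        for day in range(len(counts)):
            history = counts[max(0, day - window):day]
            score = robust_score(history, counts[day])
            if score is not None and score > THRESHOLD:
                hits.append((host, day, counts[day], round(score, 1)))
    return hits

# Constructed sample data: a busy host, a quiet host with one spike,
# and a host too new to have a baseline.
SAMPLE = {
    "build-server": [5200, 4900, 5100, 5300, 5000, 4800, 5150, 5050, 5400, 5100],
    "laptop-17":    [40, 35, 52, 38, 41, 44, 37, 39, 2600, 43],
    "new-host":     [10, 900, 12],
}

if __name__ == "__main__":
    for hit in find_anomalies(SAMPLE):
        print(hit)
```

Because the baseline is per host, 5,400 files on the build server is normal while 2,600 on the laptop is flagged, and the median keeps that spike from inflating the laptop's baseline on the following day.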