Proxy Storyboard

###Walk-through

1. Select the option Proxy > Storyboard from Open Network Insight Menu.

3. Your view should look something like this, depending on how many threats you have analyzed and commented on the Threat Analysis for that day. You can select a different date from the calendar.

Executive Threat Briefing

Data source file: threats.csv
Executive Threat Briefing frame lists all the incident titles you entered at the Threat Investigation notebook. You can click on any title and view the additional comments at the bottom area of the panel.

Incident progression

Data source file: incident-progression-{id}.json
Incident progression frame is located on the right side of the Web page.
Incident Progression displays a tree graph (dendrogram) detailing the type of connections that conform the activity related to the threat. It presents the following fields:

• Referer – URLs that refers to the Suspicious Proxy Record
• IP – All ip addresses connecting to the Suspicious Proxy Record
• Method – Proxy methods used to communicate in between the IP addresses and the Proxy Record
• ContentType – HTTP MIME Types
• Threat – Represents the Suspicious Proxy Record
• Referred – URLs that the Suspicious Proxy Record referred to

If multiple IP Addresses connects to a particular Proxy Threat (URL) you can scroll down/up, arrows indicate that there are more elements in the list.

Timeline

Data source file: timeline-{id}.tsv
Timeline is created using the connections found during the Threat Investigation process. It will display 'clusters' of IP connections to the Proxy Record (URL), grouped by time; showing an overall idea of the times during the day with the most activity. You can zoom in or out into the graphs timeline using your mouse scroll. The number next to the IP Address represents the quantity of connections made from that particular IP to the Proxy Record in the displayed time.

Input files

threats.csv   
incident-progression-{id}.json
timeline-{id}.tsv