Improvement of the display of "Observed Data" on Alert page
Significant work has been done on the display of the detail elements of an alert. The work mainly focused on “Observed Data”, which corresponds to the SEKOIA.IO internal representation of all the events collected.
Here is the new display of an Observed Data:
Metadata of an "Observed Data"
A new block has been added at the top of the screen to display the metadata associated with an "Observed Data". It is thus possible to distinguish at first glance the type and format of the observed data, its relative date, as well as the entity for which the observation was made.
Several redundant or technical information has been removed from this display area, but it is still possible to access all of the raw "Observed Data" information by clicking on the icon '<>'.
Display of objects associated with "Observed Data" (SCO)
Various changes have been made to the display of SCOs in an Observed Data. SCOs are the “STIX Cyber-observable Objects”, corresponding to the observable details objects, such as IP addresses, domain names, ports, file names, e-mail addresses, etc.
SCOs involved in raising the alert are now highlighted in blue and unrolled by default. We can therefore understand the alert more quickly and start analyzing it immediately.
In addition, any “tags” associated with SCOs are displayed directly on the title of the SCO. These “tags” correspond to enrichments by SEKOIA.IO of the events received. A flag icon is displayed in place of the text for the “tags” designating countries.
Raw events, as sent by your systems, are now available directly on the page describing an "Observed Data".
Full raw event is available by clicking on icon '<>'.