Introducing Uno – Your trusted C&C center

This tutorial will guide you through the main features of the interface, ensuring you understand how to navigate and utilize each section effectively.

1. Indicators of Attack

This section provides an overview of the current attack indicators categorized by risk level.

  • High Risk: Immediate attention required.
  • Medium Risk: Monitor and plan mitigations.
  • Low Risk: Regular monitoring.

Click on the pie chart to get detailed reports for each risk category.

2. Keepalive Uptime Status

Displays the uptime status of various systems, indicating the number of passed and failed keepalive checks.

  • Green Bars: Passed checks.
  • Red Bars: Failed checks.
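The passed and failed counts behind those bars come from heartbeats that either arrive on schedule or do not. The script below is an added example of how such counts can be derived from a heartbeat log; it is not Uno or RedRok code. The host names, the 60-second interval, the 15-second grace period and the log lines are all constructed, and the log format is an assumption.

```python
"""Derive keepalive pass/fail counts from a heartbeat log.

Added example, not product code. Hosts, cadence and log lines are constructed.
A check passes when a heartbeat arrives in its expected slot and fails when
a slot goes by with no heartbeat.
"""
from collections import defaultdict
from datetime import datetime, timedelta

HEARTBEAT_INTERVAL = timedelta(seconds=60)  # assumed expected cadence
GRACE = timedelta(seconds=15)               # assumed tolerance for jitter

# Constructed heartbeat log: "<ISO timestamp> <host>"
HEARTBEATS = """\
2024-05-01T10:00:00 web-01
2024-05-01T10:00:00 db-01
2024-05-01T10:00:00 app-01
2024-05-01T10:01:00 web-01
2024-05-01T10:01:00 app-01
2024-05-01T10:01:02 db-01
2024-05-01T10:02:00 web-01
2024-05-01T10:03:00 web-01
2024-05-01T10:04:30 db-01
2024-05-01T10:04:00 web-01
"""


def parse_heartbeats(text):
    """Group heartbeat timestamps by host, sorted oldest first."""
    by_host = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host = line.split()
        by_host[host].append(datetime.fromisoformat(ts))
    for host in by_host:
        by_host[host].sort()
    return dict(by_host)


def keepalive_status(by_host, window_end, interval=HEARTBEAT_INTERVAL, grace=GRACE):
    """Return {host: {"passed": n, "failed": m, "state": "green" | "red"}}.

    Each heartbeat received is a passed check. A gap between two heartbeats
    that spans more than one interval means the intermediate slots were
    missed, and each missed slot is a failed check. Slots that have elapsed
    since the last heartbeat (beyond the grace period) are failures too, and
    a host whose last heartbeat is overdue is shown red.
    """
    result = {}
    for host, times in by_host.items():
        passed = len(times)
        failed = 0
        for earlier, later in zip(times, times[1:]):
            slots = round((later - earlier) / interval)  # timedelta ratio -> float
            failed += max(0, slots - 1)
        overdue = window_end - times[-1] - grace
        if overdue > timedelta(0):
            failed += int(overdue / interval)
        state = "red" if window_end - times[-1] > interval + grace else "green"
        result[host] = {"passed": passed, "failed": failed, "state": state}
    return result


if __name__ == "__main__":
    now = datetime.fromisoformat("2024-05-01T10:05:00")
    for host, status in sorted(keepalive_status(parse_heartbeats(HEARTBEATS), now).items()):
        print(host, status)
```

In the constructed log web-01 reports every minute, db-01 misses two slots between 10:01 and 10:04 but is current again, and app-01 stops reporting after 10:01, so at 10:05 it has accumulated three missed slots and is shown red.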

3. Trends Over Time

This graph tracks the trends of detected issues over time. It represents trends for different products (Red, Exsight, Insight), allowing you to assess the organization’s security posture.

4. Latest Activities

Lists the most recent security-related activities and findings.

  • Severity Levels: Critical and Medium.
  • Activity Details: Type of activity, number of findings, and their risk levels.

Click on an activity title to view detailed logs and recommended actions.

5. Recent Leaked Assets (8 Weeks)

Summarizes the recent leaked assets over the past eight weeks.

  • Total Leaked Assets: Count of assets exposed in the period; use it as a rough gauge of breach impact, not as a severity rating on its own.
  • Consumers: Number of end users affected by those leaks.

Regularly check this section to assess the impact of recent security incidents.

6. Domain Users

Displays the number of domain users identified in the system. Reconcile this count against your directory so that every account is known and owned, stale or orphaned accounts are removed, and each remaining account holds only the access it needs.

7. Domain Users in Other Domains

Indicates the number of domain users found in other domains. This helps in identifying potential cross-domain user activities. Investigate any unexpected users in other domains to prevent unauthorized access.

8. Infected Computers

Shows the number of infected computers detected. Critical for identifying and isolating compromised devices.

Action: Immediately isolate infected computers to prevent the spread of malware.

9. Consumers

Provides the number of exposed consumers in recent incidents. Important for assessing the impact on end-users.

Action: Inform affected consumers promptly and provide guidance on protective measures.

10. URLs

Tracks the number of exposed URLs. This is useful for analyzing web-related threat vectors.

11. Passwords

Lists the number of passwords involved in recent leaks or incidents. Helps in understanding the scope of credential compromises.

Recommendation: Force a reset of every password that appears in a leak, reject known-leaked passwords at the time a new one is set, and require multi-factor authentication. Scheduled rotation alone does not help once a credential is already public; a forced reset of the exposed accounts does.

12. Usernames

Counts the number of exposed usernames found in recent incidents. Important for assessing user identity exposure.

Action: Monitor for any unusual login activities and enforce strong password policies.
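The Passwords and Usernames sections both come down to the same triage: find which domain accounts appear in a leak, check candidate passwords against the leaked set without storing plaintext, and look for logins by those accounts after the leak from addresses the account has not used before. The script below is an added example of that triage; it is not RedRok or Uno code. The leak feed, the directory, the IP addresses and the authentication log lines are all constructed, and their field layouts are assumptions rather than the product's formats.

```python
"""Triage a leaked-credential feed against domain accounts and an auth log.

Added example, not product code. All data below is constructed.
"""
import hashlib
from datetime import datetime

# Constructed leak feed: (username, SHA-1 of the leaked password, leak time).
# The feed stores hashes rather than plaintext so that it is not a second leak.
LEAK_FEED = [
    ("alice", hashlib.sha1(b"Summer2023!").hexdigest(), "2024-05-01T00:00:00"),
    ("bob", hashlib.sha1(b"hunter2").hexdigest(), "2024-05-01T00:00:00"),
    ("mallory-ext", hashlib.sha1(b"x").hexdigest(), "2024-05-01T00:00:00"),
]

# Constructed domain directory: username -> addresses the account normally uses.
DIRECTORY = {
    "alice": {"known_ips": {"10.0.0.5"}},
    "bob": {"known_ips": {"10.0.0.7"}},
    "carol": {"known_ips": {"10.0.0.8"}},
}

# Constructed authentication log: "<ISO timestamp> <user> <source ip> <outcome>"
AUTH_LOG = """\
2024-04-30T08:00:00 alice 10.0.0.5 success
2024-05-02T03:12:44 alice 203.0.113.9 success
2024-05-02T03:13:01 bob 10.0.0.7 success
2024-05-02T09:00:00 bob 198.51.100.22 failure
2024-05-02T10:00:00 carol 10.0.0.8 success
"""


def leak_times(leak_feed):
    """Earliest leak timestamp seen for each username."""
    times = {}
    for user, _digest, ts in leak_feed:
        when = datetime.fromisoformat(ts)
        if user not in times or when < times[user]:
            times[user] = when
    return times


def accounts_to_reset(leak_feed, directory):
    """Split leaked usernames into domain accounts to reset and unknown names."""
    leaked = {user for user, _digest, _ts in leak_feed}
    known = set(directory)
    return {"reset": sorted(leaked & known), "unknown": sorted(leaked - known)}


def password_is_leaked(password, leak_feed):
    """Compare the SHA-1 of a candidate password with the leaked hashes."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest()
    return any(digest == leaked for _user, leaked, _ts in leak_feed)


def parse_auth_log(text):
    """Parse the constructed log into (time, user, ip, outcome) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, outcome = line.split()
        events.append((datetime.fromisoformat(ts), user, ip, outcome))
    return events


def suspicious_logins(leak_feed, directory, events):
    """Attempts by leaked domain accounts, after the leak, from unfamiliar IPs.

    Failures are reported as well as successes: a failed attempt from a new
    address with a leaked username is a sign the leaked credential is in use.
    """
    since = leak_times(leak_feed)
    findings = []
    for when, user, ip, outcome in events:
        if user not in since or user not in directory:
            continue
        if when < since[user]:
            continue
        if ip in directory[user]["known_ips"]:
            continue
        findings.append(
            {"user": user, "ip": ip, "outcome": outcome, "at": when.isoformat()}
        )
    return findings


if __name__ == "__main__":
    print(accounts_to_reset(LEAK_FEED, DIRECTORY))
    print("hunter2 leaked:", password_is_leaked("hunter2", LEAK_FEED))
    for finding in suspicious_logins(LEAK_FEED, DIRECTORY, parse_auth_log(AUTH_LOG)):
        print(finding)
```

The "known IPs" baseline is the weak point of this approach: a user travelling or behind a changing NAT address will trigger a finding, so treat each hit as a lead for the analyst rather than an automatic lockout, and pair it with the forced reset of the exposed accounts.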

13. Threat Analytics

Provides a geographical representation of threat incidents.

  • Includes: Map visualization showing locations where threats have been detected.
  • Action: Use regions with high threat activity to prioritise investigation and tune policies. IP geolocation is coarse and attackers route through proxies, VPNs and compromised hosts in other countries, so treat the map as a prioritisation aid rather than as grounds for blocking by region on its own.

Conclusion

By following this tutorial, you should be well-equipped to navigate and make the most of the RedRok Dashboard. Remember to regularly review each section to stay on top of your organization’s security posture.

Tip: Tailor the alert settings in RedRok to ensure you receive notifications for critical incidents promptly. This proactive approach will help you respond quickly to potential threats.