RiskAnalytics is proud to announce a new interface for managing your security device(s). On June 19, 2015 the new RA Force security dashboard beta version was made available through both your existing RiskTool login as well as a new custom URL that will be communicated to you after the deployment.
This new security dashboard replaces the existing "Security" tab in RiskTool. We will continue to support the Security tab within RiskTool for the time being, but eventually this tab will be removed and all interaction with your RiskAnalytics device will occur in the RA Force security dashboard.
There are several new and exciting features to the interface that we will outline in this page:
- New Layout
- RiskTool Integration
- Monitoring Overview Page
- Threat Intel Search
- Overview - Here you can get the bulk of your reporting, including security-based blocks and policy-based blocks.
- Devices - Lists all devices associated to your Account.
- Alerts (ThreatSweep customers only) - Lists all Low, Medium and HotAlerts that have been identified by your device.
- Threat Intel Search - Allows you to search the shunlists and whitelists by IP address.
- Alert Configuration (ThreatSweep customers only) - Provides customization for the types of alerts you'd like to receive notifications for.
- Shunlist - Settings for the both Security- and Policy-based lists.
- Whitelist - Allows you to review the Global Whitelists and add a new whitelist entry.
While not all of these pages listed above will have changes, you will be able to manage them all either here in RA Force or in the RiskTool web app.
The Overview page is a brand new dashboard to allow you to interact with the most important information your device is returning. There are several new reporting options.
Data Reporting Intervals - Data is now returned to RA Force every 15 minutes. In the past we were reporting daily, so this is a significant update to the granularity to which you can assess and interact with the data.
Devices - The "Devices" picker in the top toolbar allows you to quickly filter between "All Devices" or a specific device associated to your Account. The default is "All Devices."
Time Picker - The time picker allows you to select a custom range to return statistics based on a previous time period "ending now." You can also select custom date ranges in the past. The default is "7 days ending now."
Report Types - At the top of the graph, you can now select between "security based blocks" and "policy based blocks."
Report Highlights - At the bottom of each report, you can now turn on/off each of the different block types simply by clicking the name. The report will refresh with the parameters that remain.
Report Zoom - By clicking and dragging, you can now get a quick view into a specific date or time range with a single click. Just scroll over the time period on the graph you'd like a closer look at, and the graph and the Top 10 Blocked IPs will refresh accordingly.
- Report Scroll-overs - By mousing over the data points in the graph, you can get more granular data about that block type and time period.
Top 10 Blocked IPs - Based on your reporting parameters (Devices, Time Picker and Report Type), the Top 10 Blocked IPs will be displayed. You can click on the IP address to get more information about the Owner, Registrar, Country Code, Status and additional IP details.
Threat Intel Search
We've brought the ability to search for an IP address to the forefront. This was accessible on the Security tab in RiskTool under "Shunlist," but in an effort to provide additional research tools to our customers, we've made this a single click away from the Overview page. The functionality remains to search for an IP address and be returned pertinent details regarding the information we have available.
- Inbound/Outbound toggles on block reporting data sets
- CSV downloads of all reports
- IP address pop-up enhancements, such as hostname data
- Extension of the Top 10 Blocked IPs to include ALL Blocked IPs