Intelligence Overview

// SITUATIONAL AWARENESS

The Day-One Situational View

The platform home page. Summarises the entire curated threat-intelligence feed in headline numbers, exposes recent activity trends, and gives immediate visibility into which threat actors and adversary types are most active right now.

// At a glance

Audience: All authenticated roles
Available from: The operator console

// Screen capture

Intelligence Overview — from the user guide

The screenshot below is taken from the platform user guide. Sensitive data fields are redacted with solid blocks; the page chrome is cropped for clarity.

Intelligence Overview — page anatomy from HFL Platform User Guide

// Purpose

Why this page exists

The Intelligence Overview is built to answer the first question every SOC analyst has at the start of a shift: “what does the landscape look like right now?” Five headline counters report the live state of the indicator catalogue (total active IOCs, unique critical-severity IOCs, and separate counts of IPs, domains, and hashes) and refresh each time the page is loaded. Below them, a panel of recent activity charts surfaces what is moving: confidence band distribution, severity distribution, IOC type distribution, top adversaries by volume, top categories by volume, and IOCs by detected geography.

Two adjacent charts go further. The IOCs by Day chart shows submission velocity across the catalogue for a recent rolling window; the IOCs by Source chart shows where indicators are arriving from. Together they answer the second SOC question: “is anything happening differently this week?”

Every chart is click-through. Clicking a bar, slice, or row takes you directly into the deep view that holds the matching records — usually IOC Management, the Threat Actors page, or one of the Knowledge Graph tabs — with the filter pre-applied. Most analyst workflows on a fresh shift start with five minutes on the Overview and then drill into one or two specific anomalies it surfaces.

// Workflows

How operators use this page

01. Start your shift

Open the Overview. Note the headline counters and compare against your mental baseline. Scan the Top Threat Actors and Top Categories panels for anything unfamiliar. Click into any actor or category that warrants follow-up.

02. Drill from chart to detail

Every chart element is a link. Click a top-actor bar to land on the per-actor detail page. Click a category slice to land on IOC Management filtered to that category. Click an IOCs-by-Day spike to see the indicators that caused it.

03. Build a coverage snapshot

For weekly reporting, capture the headline counters, the severity distribution donut, and the top adversaries panel. The data is current to the moment of capture.

// Field reference

What the page shows

Headline counters (total active IOCs, critical severity count, IP / domain / hash counts), Top Threat Actors, Top Categories, Severity Distribution, Confidence Bands, IOCs by Day, IOCs by Source, IOCs by Geography, IOC type breakdown.

// Tips and constraints

Best practices and limits

  • Time windows at the Overview level are fixed — for variable windows use Intelligence 360.
  • Headline counter values reflect the full active catalogue, not just the current week.

// Where to go next

Related platform features

Intelligence 360 (deep distributions)

Continue your workflow in a related feature.


Threat Actors (per-actor drilldowns)


IOC Management (full record view)
