View Exposure

You must configure exposure before it can be viewed. For more information, see Configure Exposure.

The Exposure view displays the following exposure-specific information:

  • Exposed: indicates that the entity is exposed — that it is not used in any detection, prevention, or community integrations or processes.

  • Detection: the entity and the intelligence value it holds are being consumed in an integration with an external detection system.
    A green dot under the Detection heading indicates that the information is being used to carry out one of the following action types:

    • A detection follow-up — for example, it can trigger the setting adjustment of a malware detection application.

    • A prevention follow-up — for example, it can instruct a third-party system to block a range of malicious IP addresses or domain names.

    • A community follow-up — for example, it can create and publish a report to notify other parties about the possible threat the entity represents.

  • Prevention: the entity and the intelligence value it holds are being consumed in an integration with an external prevention system.
    A green dot under the Prevention heading indicates that information is being used to carry out one of the following actions:

    • A detection follow-up — for example, it can trigger the setting adjustment of a malware detection application.

    • A prevention follow-up — for example, it can instruct a third-party system to block a range of malicious IP addresses or domain names.

    • A community follow-up — for example, it can create and publish a report to notify other parties about the possible threat the entity represents.

  • Community: the entity and the intelligence value it holds are being consumed in an integration with an external distribution system.
    If the dot is green, the entity information is used to carry out a follow-up action.

    • A detection follow-up — for example, it can trigger the setting adjustment of a malware detection application.

    • A prevention follow-up — for example, it can instruct a third-party system to block a range of malicious IP addresses or domain names.

    • A community follow-up — for example, it can create and publish a report to notify other parties about the possible threat the entity represents.

  • Sighting: The icon indicates that the entity has been found in a secured domain, and that there is a sighting entity record of the occurrence. If an entity has been sighted — it is by default exposed, regardless of any integration with external detection, prevention or information distribution systems. Click the icon to refresh the view and to update it.

View exposed entities

To view exposed entities:

  1. In the left navigation bar, select Exposureimages/download/attachments/82474724/exposure.svg-x24.png .

  2. In the Exposure view, click the Entities tab to display an overview of currently exposed entities.

Filter exposed entities

You can stack and combine as many filters as you need. For example, you can create a filter to view exposure details for indicators that belong to the X, Y, and Z datasets that were ingested in the first half of last month.

To filter exposed entities:

  1. Click the Entities tab.

  2. Click images/download/attachments/3604538/filter.PNG .
    The following filters are provided:

  • Entity: select one or more checkboxes to view exposure details for the specified entity types.

  • Date: select a time interval to view exposure details for the entities ingested between the specified start and end dates.

  • Dataset: select one or more checkboxes to view exposure details for entities that relate to the specified datasets.

    The Dataset filter is not available if results do not include entities that relate to at least one dataset.

Sort entities

To sort items by column header:
  1. Click the header of the column whose content you want to sort.

  2. Click or to sort the content in either ascending or descending order, respectively.