Detections

The Detections page offers a complete interface for monitoring and managing security threats that Cloud Detection and Response (CDR) detects in real time across your infrastructure. This dashboard lets security analysts and IT professionals track, analyze, and respond to security findings from a single view.


The Detections page consists of the following components:

Summary Cards


The dashboard header contains four key metric cards:

  1. Top 10 ASSETS WITH THREATS: Lists the most vulnerable or targeted assets and helps prioritize security responses.
  2. 7 DAYS THREATS: Presents a weekly overview of security threats while enabling trend analysis and pattern recognition.
  3. ACCOUNTS/SUBSCRIPTIONS/PROJECTS: Shows security findings across different organizational units and helps identify affected resources.
  4. SEVERITY: Shows the severity distribution of security findings and offers quick insight into critical issues.

Data Lists


The main data list screen contains multiple columns that present the security findings collected from CDR.

The available columns are:

  1. Duration: The time window for which to show CDR findings, for example Today, Last 24 Hr, or Last 7 days.
  2. Search for CDR findings: Use detection-specific QQL tokens to search for specific findings, or filter the results by a specific search criterion. For more information, refer to "Detections Tokens" under the Investigate tab.
  3. Search filters: The search filters let you filter the security findings by type, group, and resource type.
  4. TITLE: A descriptive name of the security finding.
  5. DETECTED ON: Shows the precise date and time when the threat was detected.
  6. SEVERITY: Shows the severity level associated with the threat.
  7. MITRE: The MITRE tactic name and ID linked to the threat.
  8. AFFECTED RESOURCE: Shows the asset affected by the finding.
  9. CLOUD IDENTIFIER: Shows which cloud provider is affected by this finding.
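The summary cards and the Duration and severity filters described above can all be derived from the fields shown in the data list. The following Python is an added example and not the product's own code or API: it works over a handful of constructed findings whose keys mirror the listed columns (an "account" field is assumed for the ACCOUNTS/SUBSCRIPTIONS/PROJECTS card, and a fixed "now" is assumed so the output is reproducible) and shows how each card and the Duration selector are computed from DETECTED ON, SEVERITY, AFFECTED RESOURCE and CLOUD IDENTIFIER.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Fixed "now" so the constructed sample is reproducible (assumption for the example).
NOW = datetime(2024, 6, 10, 12, 0, tzinfo=timezone.utc)


def _ago(**delta):
    """Timestamp `delta` before NOW, used to build the constructed sample."""
    return NOW - timedelta(**delta)


# Constructed sample findings, not real CDR output. Keys mirror the data-list
# columns TITLE, DETECTED ON, SEVERITY, MITRE, AFFECTED RESOURCE and CLOUD
# IDENTIFIER; "account" is an assumed field for the ACCOUNTS/SUBSCRIPTIONS/PROJECTS card.
FINDINGS = [
    {"title": "Console login without MFA", "detected_on": _ago(hours=2),
     "severity": "Critical", "mitre": "TA0001 Initial Access",
     "resource": "prod-db-01", "cloud": "AWS", "account": "aws-111111111111"},
    {"title": "Database snapshot shared publicly", "detected_on": _ago(hours=20),
     "severity": "High", "mitre": "TA0010 Exfiltration",
     "resource": "prod-db-01", "cloud": "AWS", "account": "aws-111111111111"},
    {"title": "Unused access key activated", "detected_on": _ago(hours=5),
     "severity": "Medium", "mitre": "TA0003 Persistence",
     "resource": "prod-db-01", "cloud": "AWS", "account": "aws-111111111111"},
    {"title": "Storage account made publicly readable", "detected_on": _ago(days=3),
     "severity": "Medium", "mitre": "TA0010 Exfiltration",
     "resource": "web-vm-02", "cloud": "Azure", "account": "azure-sub-b"},
    {"title": "Custom script extension run on VM", "detected_on": _ago(days=6),
     "severity": "Critical", "mitre": "TA0002 Execution",
     "resource": "web-vm-02", "cloud": "Azure", "account": "azure-sub-b"},
    {"title": "Service account key downloaded", "detected_on": _ago(days=10),
     "severity": "Low", "mitre": "TA0006 Credential Access",
     "resource": "gke-node-7", "cloud": "GCP", "account": "gcp-project-c"},
    {"title": "Firewall rule opened to the internet", "detected_on": _ago(hours=1),
     "severity": "High", "mitre": "TA0001 Initial Access",
     "resource": "gke-node-7", "cloud": "GCP", "account": "gcp-project-c"},
]

SEVERITY_ORDER = ["Critical", "High", "Medium", "Low"]


def window_start(duration, now=NOW):
    """Map a Duration selector value to the earliest DETECTED ON it includes."""
    if duration == "Today":
        return now.replace(hour=0, minute=0, second=0, microsecond=0)
    if duration == "Last 24 Hr":
        return now - timedelta(hours=24)
    if duration == "Last 7 days":
        return now - timedelta(days=7)
    raise ValueError(f"unknown duration: {duration}")


def filter_findings(findings, duration="Last 7 days", severity=None, cloud=None, now=NOW):
    """Apply the Duration selector plus optional SEVERITY / CLOUD IDENTIFIER filters."""
    start = window_start(duration, now)
    return [f for f in findings
            if f["detected_on"] >= start
            and (severity is None or f["severity"] == severity)
            and (cloud is None or f["cloud"] == cloud)]


def severity_distribution(findings):
    """SEVERITY card: count per level, always listing every level in rank order."""
    counts = Counter(f["severity"] for f in findings)
    return {s: counts.get(s, 0) for s in SEVERITY_ORDER}


def top_assets_with_threats(findings, n=10):
    """TOP 10 ASSETS WITH THREATS card: assets ranked by finding count, ties by name."""
    counts = Counter(f["resource"] for f in findings)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def seven_day_threats(findings, now=NOW):
    """7 DAYS THREATS card: findings per calendar day for the last 7 days incl. today."""
    days = [(now - timedelta(days=i)).date() for i in range(6, -1, -1)]
    counts = Counter(f["detected_on"].date() for f in findings
                     if f["detected_on"].date() in days)
    return {d.isoformat(): counts.get(d, 0) for d in days}


def findings_by_account(findings):
    """ACCOUNTS/SUBSCRIPTIONS/PROJECTS card: finding count per owning unit."""
    return dict(Counter(f["account"] for f in findings))


if __name__ == "__main__":
    print("Severity:", severity_distribution(FINDINGS))
    print("Top assets:", top_assets_with_threats(FINDINGS))
    print("7 days:", seven_day_threats(FINDINGS))
    print("Accounts:", findings_by_account(FINDINGS))
    for crit in filter_findings(FINDINGS, "Last 7 days", severity="Critical"):
        print(crit["detected_on"].isoformat(), crit["title"], crit["resource"], crit["mitre"])
```

Note that the Duration selector in this example uses rolling windows (the last 24 hours, the last 7×24 hours) while the 7 DAYS THREATS card buckets by calendar day, so a finding can fall inside one and not the other; the real UI's exact boundary handling is not stated on this page.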