This article covers the basics of how to use the ContraForce Command Page.
The Command Page is an essential component of the ContraForce portal. This page can be used as a guide to further understand your environment and the data being processed. The highest priority incidents can be addressed quickly and efficiently. You also have summary information to help visualize what is happening in your environment. This high-level overview of the events, alerts, and incidents helps you, as the security operator, effectively monitor and protect your resources.
| Feature | Description |
| --- | --- |
| Timeframe Dropdown | The Timeframe Dropdown is visible on the top right portion of the Command Page. Here you have options to select 24 hours, 48 hours, 7 days, 14 days, and 28 days. |
| Incident Tracker | The Incident Response card categorizes and counts incidents based on severity for a selected timeframe. The trend (up or down arrow) is measured against the previous timeframe of the same length. The symbols represent Endpoint, Network, Cloud, Identity, and App. If there is an incident for a category, the symbol will be highlighted. This information is useful as it helps you better understand where incidents of different severity are originating from in your environment. By clicking the Review button you are taken directly to the Incidents page. For more information on the Incidents page, you can see that here. |
| New High Severity Incidents | High Severity Incidents is one of the cards a user should pay attention to at all times. This card prioritizes the incidents that require immediate review. By clicking Respond, the Gamebooks page will open. You quickly have access to the incident summary as well as other details related to the incident. |
| Open Incidents | Open Incidents allows the user to get a sense of the total number of incidents generated in their environment within the selected timeframe. The time indicators on the x-axis will change depending on the timeframe selected. When hovering over any of the columns, a summary will appear showing the number of New, Active, and Closed incidents. |