Overview

For this version of PassiveTotal, we set out to update the user interface to make investigations even easier and place more control over RiskIQ's data in our analyst communities' hands.  Major user experience improvements include:


Guided Platform Tours

Tours will provide new and returning users with easy to follow tours of core system functionality such as our search capabilities and project features.  Tours allow users to quickly understand the power of the PassiveTotal platform and how to best make use of the system to conduct investigations.  This feature also gives the platform a seamless way to onboard new users and educate them on PassiveTotal.

PassiveTotal Timebar

Time is a critical factor in any investigation.  Easily building out a timeline of an attack campaign or focusing an investigation around a  specific timeframe can increase response time.  With is in mind, we have expanded on our Heatmap concept for visualizing resolution history and developed a timeline that visualizes all resolution history for a given domain or IP address.  Analysts can now choose any 6 month timeframe they would like to be represented by the Heatmap.

Data Filtering

Providing users more control over how they view and interact with data within PassiveTotal was a big addition to this updated version of the platform.  Often times during an investigation analysts can be overwhelmed with the amount of data that is returned when querying for an entity.  In this release, we provide analysts with the ability to filter data sets by specific facets that are important to their investigation allowing more control over the data.  Additionally, analysts can column sort data based on certain parameters associated with the data they are viewing.

Breadcrumbs

The new breadcrumb functionality allows users to easily track pivots and provides the ability to visually understand how they progressed to a certain entity in the system.  Breadcrumbs are helpful to investigators who may quickly dig down into RiskIQ data and become removed from the initial query, this functionality allows them to easily trace their steps back to the origin of their investigation.