ThreatEye Workflow
ThreatEye is simple and easy to use! Here are the steps to get you started:
1. If not already done by LiveAction, set up the ThreatEye probe (LiveWire appliance). You will need to make sure the ThreatEye license is installed and that a ThreatEye capture is created and sending telemetry to ThreatEye. See Sending Telemetry to ThreatEye.
2. Log into ThreatEye using the URL provided by LiveAction. See Logging into ThreatEye.
3. View the Executive Dashboard to get a birds-eye overview of what is going on in your environment. See Executive Dashboard.
4. View the Analyst Dashboard to see more in-depth information on the types of threats and attacks monitored in your environment. See Analyst Dashboard.
5. View the Policy Investigation Dashboard to see the high-level policy information about what is going on in your environment. Policy information is driven by Flow data. See Policy Investigation Dashboard.
6. View the Findings Explorer to see more in-depth information on the types of threats and attacks monitored in your environment. Findings are a crucial component to ThreatEye and can be filtered and searched to display more targeted results. See Findings Explorer.
7. View the Casebooks Dashboard to see and manage the casebooks assigned to individuals within your organization. See Casebooks.
8. View the Settings to see and manage Filters, Tags, and Omnipeek Integration. The Settings are only available to users that have been assigned an Administrator role with ThreatEye. See Settings.