Cybersecurity - SIEM Entities View

Overview
- My Role: UX Manager (Project Oversight, Review & Consulting)

- The Problem: Security Information and Event Management (SIEM) systems are a critical tool for security operations center (SOC) analysts investigating threats. When a security threat occurs, understanding the relationships between the entities involved (users, systems, endpoints) is critical to the investigation. Within the Sumo Logic Cloud SIEM Insight there was no consolidated view to visualize these connections, forcing analysts to piece the information together manually, which was time-consuming and inefficient.

- The Solution: This project introduced a dedicated "Entities View" directly within the Insight. The new view provides both a graphical and a list-based representation of all entities involved in a security event. This allows analysts to visualize relationships instantly, select an entity to see more information, and navigate to other relevant parts of the system to continue their investigation seamlessly.
Scope and Goals
- Strategic Goals: Our primary objective was to accelerate the investigation process by providing clarity on entity relationships. We aimed to:
  - Provide a clear, immediate visualization of all entities involved in a security Insight.
  - Reduce the time it takes a SOC Analyst to understand the scope of a threat.
  - Simplify navigation from an event to detailed entity information.
  - Empower analysts to make faster, more informed decisions during an investigation.

- My Core Responsibilities:
  - Project Oversight: I was responsible for the overall project oversight from a design perspective. I ensured the project, which was conducted by one of my team members, aligned with our product's strategic goals and design standards.
  - Mentorship & Consulting: I provided regular guidance to the designer, consulting on the use of common patterns, ensuring standardization, and acting as a sounding board for key design decisions.
  - Design Review: I reviewed all major design milestones, from initial concepts to final visual designs, to ensure the solution was high-quality, usable, and met the project's objectives.

Insight: When a security event is detected, the system generates an Insight, which gives the SOC Analyst a comprehensive view of the event.

Entities Graph: Provides the user a graphical view of all the entities associated with the event.

Entity Details Panel: Provides additional information about the entity selected in the graph.

The analyst can expand a node in the graph to view additional entities related to that node.

Filter: Allows the analyst to filter the graph by entity type.

List View: The analyst can toggle between the graph view and a list view.
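The entity graph the captions describe, as an added Python example that is not the project's or Sumo Logic's code: it derives entity relationships from a constructed set of signals (the signal names, entity names and the "type:name" id scheme are assumptions), then implements the expand-node, filter-by-type and list-view operations over the same data.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample Insight: each signal names the entities it involves.
# Entity ids are "type:name" so the type is recoverable for filtering.
# (Constructed data and naming scheme; not Sumo Logic's schema.)
SIGNALS = [
    {"name": "Suspicious login", "entities": ["user:alice", "endpoint:ws-17", "system:vpn-gw"]},
    {"name": "Lateral movement", "entities": ["endpoint:ws-17", "system:fileserver-01"]},
    {"name": "Privilege escalation", "entities": ["user:alice", "system:fileserver-01"]},
    {"name": "Unusual process", "entities": ["endpoint:ws-22", "user:bob"]},
]


def entity_type(entity):
    """'user:alice' -> 'user'."""
    return entity.split(":", 1)[0]


def build_graph(signals):
    """Undirected graph: two entities are related when they co-occur in a signal.
    Each edge records the names of the signals that produced it."""
    graph = defaultdict(lambda: defaultdict(set))
    for sig in signals:
        for e in sig["entities"]:
            _ = graph[e]  # ensure entities with no co-occurrence still appear as nodes
        for a, b in combinations(sorted(set(sig["entities"])), 2):
            graph[a][b].add(sig["name"])
            graph[b][a].add(sig["name"])
    return graph


def expand(graph, entity):
    """Expanding a node: its directly related entities and the linking signals."""
    return {nbr: sorted(sigs) for nbr, sigs in graph.get(entity, {}).items()}


def filter_types(graph, keep):
    """Filter to the given entity types; edges to dropped types disappear too."""
    return {e: {n: s for n, s in nbrs.items() if entity_type(n) in keep}
            for e, nbrs in graph.items() if entity_type(e) in keep}


def list_view(graph):
    """List view of the same data: (type, name, related-entity count), sorted."""
    return sorted((entity_type(e), e.split(":", 1)[1], len(n)) for e, n in graph.items())
```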