User Guide
WitFoo Analytics provides a unified interface for security operations — from artifact search and incident investigation to compliance reporting and threat intelligence.
Modules
Signals
Search, filter, and investigate security artifacts. Configure lead rules for automatic incident creation and classification rules for severity assignment.
Graph
Explore the relationship graph built from correlated artifacts. Nodes represent entities (IPs, domains, users) and edges represent observed relationships between them.
Observer
Track analyst work through work units, organize investigations into work collections, define modus operandi (MO) patterns, and record observations for institutional knowledge.
Reporter
Generate executive reports covering compliance readiness, tool effectiveness, and cost/savings analysis. Date-range filtering and CSV export are available for all report data.
CyberGrid
Subscribe to and publish threat intelligence feeds. Manage intelligence jobs, browse the threat intelligence library, and share indicators across organizations.
Health
Monitor system health with real-time container metrics, historical performance data, and configurable alert rules for CPU, memory, disk, and service availability.
Navigation
Use the top navigation bar to switch between modules. The sidebar within each module provides access to sub-pages. Your available modules depend on your assigned role and the deployment's UI module configuration.