Adversary view with Hierarchical graph (Adversary → Alert → Echoes) #1367

@mjabascal10

Describe the feature

Introduce a new Adversary View within the Threat Management module to visualize the relationship between Adversaries, their generated Alerts, and associated Echoes.
This view aims to provide analysts with a clearer understanding of attacker behavior, campaign patterns, and alert propagation over time.

Use Case

Enhance threat intelligence visualization by presenting an interactive, relationship-driven interface that connects Adversaries → Alerts → Echoes in a single view.

Proposed Solution

Feature Overview
• Add a dedicated Adversary View accessible from Threat Management.
• Display a graphical representation showing:
  • Each Adversary as a root node.
  • Alerts generated by that adversary as child nodes.
  • Each Alert’s Echoes as secondary-level nodes.
• Allow filtering via sidebar:
  • By time range (e.g., last 24h, 7d, 30d)
  • By severity or alert type
  • By adversary or asset
• On click:
  • Selecting an alert node opens the alert details view.
  • Hovering shows metadata such as timestamp, affected asset, and severity level.

Other Information

This feature significantly improves situational awareness and threat correlation analysis, enabling faster identification of coordinated attack patterns and adversary behavior trends.

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change