A Story is one of the core components of the Hunters SOC Platform, providing an intuitive way for any security analyst to easily consume multiple leads which were correlated on the Hunters graph. This page explains the different controls within a Story, and how to consume it in order to effectively triage correlated leads in the environment.

General Options

# | Description |
---|---|
1 | Copy the Story's URL and view the Story in full screen |
2 | Copy the Story's full UUID to the clipboard |
3 | Zoom in/out, as well as view the Story in full screen |
4 | Bookmark a Story for later usage. Bookmarked stories can be accessed through the Bookmarks tab on the top right of the Stories page |
5 | Comment and collaborate on the Story, including tagging other team members and uploading files |
6 | Indicates whether this story is the most current and updated version or if a more updated version is available. Stories may evolve over time as new signals are detected in the environment. The logic behind the evolution of stories is described in more detail later on this page |

Triage

# | Description |
---|---|
7 | Add a title and description to the Story |
8 | Tag a Story and assign it a label. Options are Pen-Testing, Red Team, Bad Practice, Malicious, Authorized Activity, Irrelevant Correlation |
9 | Set the Story status. Options are New, WIP (Work in Progress), Done, Reopened |
10 | Batch classification of all leads in the Story |
11 | Assign the Story to an analyst |
12 | Change the Story layout. Options are Network, Network-Hierarchy, Raw Network, Story (default layout). Working with the different layouts provides a better understanding of the underlying correlation |
13 | Change grouping by Detector or Entity |
14 | Filter the Story view based on leads from specific detectors |
15 | The Story's score |
16 | Display all leads that are part of the Story |

Story content

# | Description |
---|---|
17 | The time between the first lead and the last lead in the Story |
18 | Timeline view of the Story. Hovering over specific leads will indicate their position on the Story timeline |
19 | The score of the particular lead (based on Risk Score feature) |
20 | The detector that generated the lead |
21 | The data source used to generate this lead |
22 | Indicates the lead's investigation status (Open, WIP, Done) |
23 | Open the lead in grid view, hone in, or hide it from view |
24 | Entities that are part of the story. Hover over the entity for additional information |
25 | How leads are correlated (related entities), showing as direct (purple line) or indirect (grey line) |