ICS Dossier™ Pro Suite v5.6 User Guide

Welcome to ICS Dossier™ Pro Suite! This guide will help you navigate and utilize all features of the dashboard. Our platform aggregates critical threat intelligence from 14+ authoritative sources, providing you with a comprehensive view of ICS/OT security threats, vulnerabilities, and advisories.

1Dashboard Overview

The ICS Dossier™ Pro Suite dashboard consists of three main columns:

Left Sidebar: Main navigation, tour button, glossary access, account home, and key links

Middle Column (Filters): Category and attribute filters to refine your view

Main View: Visualization charts, search bar, and event cards displaying threat intelligence

What is the Main View?

The Main View is the central section of your dashboard where all intelligence events are displayed. This section contains:

Four visualization charts showing data distribution
A search bar for keyword filtering
Event cards displaying individual intelligence items
Selection and export tools

The Main View displays Events. These are individual intelligence items that may include advisories, incidents, vulnerabilities (KEVs), or vendor-specific alerts from sources like Siemens, Schneider Electric, Rockwell Automation, and ABB. All intelligence items are referred to as "events" regardless of their category or source.

The left sidebar provides quick access to essential features:

Dashboard

The main view showing all intelligence feeds, charts, and filtering options.

Start Tour NEW in v5.6

Click to launch an interactive tour that walks you through all dashboard features. The tour is fully replayable and covers nine key areas:

Welcome: Overview of the daily feed and export capabilities

Filter Panel: How to use Category, Country, Target, Attacker, and Relevance score filters

Search Bar: Search within event text and view total event counts

Charts: Quick distribution overview showing events by category, country, target, and attacker

Visualize Button: How to create relationship graphs by selecting multiple events

Event Cards: Reading individual events with titles, tags, scoring, and summaries

Export Bar: Exporting in CSV, Markdown, PDF, or ePUB formats

Glossary: Accessing ICS/OT terminology and vendor terms

Next Steps: Contact information and ongoing exploration

The tour helps new users get up to speed quickly and serves as a reference for experienced users.

Glossary

Click to open a comprehensive glossary of ICS/OT security terms and acronyms. The glossary includes definitions for technical terms, protocol names, threat categories, and industry-specific terminology.

Account Home

Access your account settings and subscription information. See Section 11 for details on account management features.

About

Learn more about ICS Dossier™, our mission, and how we aggregate threat intelligence.

User Guide

Opens this comprehensive guide in a new window.

Contact

Send us an email at dossier@somethingyouknow.io for support, questions, or feedback.

Exit Dashboard

Return to the main ICS Dossier website.

3Using Filters

The middle column contains powerful filtering tools to help you focus on relevant intelligence. Use Category, Country, Target, Attacker, and Relevance score to narrow your view to specific vendors, threats, and regions.

Category Filters

Filter events by type. Available categories include:

Incident KEV Schneider Siemens Rockwell ABB Advisory Research

Note about Siemens: Siemens events may also appear in the KEV category. Even if you see "0 events" for Siemens in the category filter, it's worth adding "Siemens" to the Search field to find KEV events that are directly related to Siemens products. This is because some Siemens vulnerabilities are catalogued as KEVs by CISA and will appear under the KEV category rather than the Siemens category.

Country Filter

Filter by countries mentioned in threat intelligence. This filter helps you track regional threat activity and geographic targeting patterns.

Target Filter

Filter by target sector (energy, manufacturing, water, transportation, etc.). Use this to focus on threats relevant to your industry or monitored infrastructure.

Attacker Filter

Filter by threat actor or adversary group. This helps track specific APT groups, ransomware operators, or nation-state actors.

Relevance Score Filter

Set a minimum and/or maximum relevance score to focus on the most critical alerts. Scores range from 0-100 based on:

Severity level
Exploitability
Asset criticality
Recency

4Understanding the Charts

The Main View features four visualization charts that provide at-a-glance insights into your threat intelligence data. These charts summarize events by category, country, target, and attacker, helping you spot spikes or patterns before diving into individual events.

Category Distribution Chart

What it shows: A horizontal bar chart displaying the count of events in each category (Incident, KEV, Schneider, Siemens, Rockwell, ABB, Advisory, Research).

How to read it:

Each bar represents a category
Bar length indicates the number of events in that category
Colors match the category badges for easy identification
Abbreviated labels appear on the X-axis: INC (Incident), KEV, SCH (Schneider), SIE (Siemens), ROK (Rockwell), ABB, ADV (Advisory), RES (Research)

What the data represents: This chart helps you quickly understand which types of intelligence are most prevalent in your current view. A spike in KEV events, for example, indicates an increase in known exploited vulnerabilities that require immediate attention.

By Country Chart

What it shows: A horizontal bar chart displaying the top 10 countries mentioned in events.

What the data represents: This chart reveals which countries are most frequently referenced in current threat intelligence. High activity may indicate targeted campaigns, geographic vulnerability concentrations, or regional incident clusters.

By Target Chart

What it shows: A horizontal bar chart displaying the top 10 target sectors or industries.

What the data represents: This chart shows which industries or sectors are currently facing the most threat activity. Spikes in specific sectors can indicate coordinated campaigns or vulnerability trends affecting particular infrastructure types.

By Attacker Chart

What it shows: A horizontal bar chart displaying the top 10 threat actors or adversary groups.

What the data represents: This chart identifies which threat actors are currently most active. Tracking adversary activity over time helps understand campaign patterns and threat evolution.

Pro Tip: All four charts update dynamically as you apply filters. Use them together to quickly assess the current threat landscape and identify trends in your filtered view.

5Control Buttons

Located in the top bar of the Main View, these buttons help you manage your dashboard view:

Visualize Button UPDATED in v5.6

Purpose: Opens a network graph visualization showing relationships between selected events through shared CVEs, vendors, and sources.

How to use it:

Select at least two events by checking their boxes
Click the VISUALIZE button
View the interactive graph showing connections between events, CVEs, sources, vendors, and threat actors
Hover over nodes for details

The visualization helps identify patterns and relationships that may not be obvious when viewing events individually.

Pre-Sorted Views Dropdown

Available views:

Main View: Default chronological display
By Country: Groups events by country mentioned
By Attacker: Groups events by threat actor
By Target: Groups events by target sector

Reset Main View Button

Click RESET MAIN VIEW to instantly clear all active filters and return the dashboard to its default state showing all events.

6Selecting and Managing Events

Events are the individual intelligence items displayed as cards in the Main View. Each event card represents an advisory, KEV entry, incident, or research item. Event cards contain titles, tags, scoring, and short summaries to help you triage quickly.

Event Card Contents

Each event card displays:

A checkbox for selection
Category badge (color-coded)
Title and description
Publication date
Source attribution
Relevance score
Related CVEs (when applicable)
Tags for affected systems/vendors

How to Select Events

Individual Selection: Click the checkbox in the top-left corner of any event card to select it.

Multiple Selection: Click multiple event checkboxes to select several events at once. The selection counter at the top of the Main View will show how many events are currently selected.

Why Select Events?

Export: Selected events can be exported in multiple formats (CSV, Markdown, PDF, ePUB)
Visualization: Create relationship graphs showing connections between selected events
Focused Analysis: Mark specific events for detailed review

Pro Tip: Combine filters with selection to create targeted intelligence reports. For example, filter by "KEV" category and "CISA" source, then select all matching events to export a focused KEV report.

7Export Functions

The selection bar at the top of the event cards area provides powerful tools for managing and exporting your intelligence data. Use these buttons to export the current view as CSV, Markdown, PDF, or ePUB. Great for reports, offline reading, or sharing with your team.

SELECT ALL CLEAR ALL CSV MARKDOWN PDF EPUB

Select All Button

Purpose: Selects all currently visible events in your filtered view.

Clear All Button

Purpose: Deselects all currently selected events.

CSV Export Button

Purpose: Exports selected events to a CSV file for use in spreadsheet applications.

Best used for: Data analysis in Excel or Google Sheets, creating custom reports, sharing data with team members, importing into other security tools.

Markdown Export Button

Purpose: Exports selected events in Markdown format for documentation and reporting.

Best used for: Creating documentation in GitHub, generating reports for wikis, sharing intelligence summaries via Slack or Teams.

PDF Export Button

Purpose: Exports selected events to a professionally formatted PDF document.

Best used for: Executive briefings and management reports, archiving intelligence reports, print-ready documentation.

ePUB Export Button

Purpose: Exports selected events to an ePUB ebook format for reading on mobile devices and e-readers.

Best used for: Mobile reading on tablets and smartphones, offline access during travel.

Workflow Example

Filter events by "KEV" category and last 7 days

Click "SELECT ALL" to select all KEV events

Click "PDF" to generate an executive summary

Click "CSV" to export the same data for detailed analysis

Click "CLEAR ALL" when done

8Search Functionality

The search bar at the top of the Main View allows you to quickly find events by keyword. Search within event text and see the total number of events in view. This is your starting point for narrowing an investigation.

Search Tips

Vendor names: Search for "Siemens", "Schneider", "Rockwell", "ABB" to find vendor-specific events
Protocols: Search for "Modbus", "DNP3", "OPC", "BACnet" to find protocol-specific vulnerabilities
CVE IDs: Enter CVE identifiers like "CVE-2024" to find specific vulnerabilities
Product names: Search for specific products like "SIMATIC", "TIA Portal", "ControlLogix"

Remember: As mentioned in Section 3, even if Siemens shows "0 events" in the category filter, searching for "Siemens" may reveal KEV events related to Siemens products that are catalogued under the KEV category.

9Glossary

Click "Glossary" in the left sidebar to open a comprehensive reference of ICS/OT security terminology. Open the Glossary to look up ICS/OT terminology, tactics, protocols, and vendor terms as you work through the feed.

Main View

The central display area of the ICS Dossier™ dashboard where all intelligence events are shown. The Main View contains visualization graphs, the search bar, filter controls, and event cards.

ICS (Industrial Control Systems)

Computer systems that monitor and control industrial processes. ICS includes SCADA systems, DCS, and other control system configurations used in critical infrastructure.

OT (Operational Technology)

Hardware and software that detects or causes change through direct monitoring and control of physical devices, processes, and events.

KEV (Known Exploited Vulnerability)

Vulnerabilities listed in CISA's catalog that are known to be actively exploited in the wild, requiring immediate attention.

PLC (Programmable Logic Controller)

Industrial digital computers adapted for the control of manufacturing processes, such as assembly lines and machinery.

Note: The full glossary in the dashboard contains many more terms and is continuously updated.

10Tips & Best Practices

Daily Workflow Recommendations

Morning Review: Check the Category Distribution chart to see which types of events are most prevalent
Filter by Priority: Start with KEV category to address known exploited vulnerabilities
Vendor-Specific Checks: Search for your specific vendors (e.g., "Siemens" or "Rockwell") to find relevant updates
Export for Team: Use "Select All" + "PDF" to create daily briefings for your team

Export Strategy

Format	Best Used For
CSV	Detailed analysis and data manipulation
Markdown	Documentation and team collaboration
PDF	Executive summaries and presentations
ePUB	Mobile reading and offline access

Pro Tip: Create a weekly routine where you filter by date range (last 7 days), export all KEV events as PDF for management, export vendor-specific events as CSV for technical teams, and document notable events in Markdown for your security wiki.

11Account Home

Access your account settings and subscription information by clicking "Account Home" in the left sidebar.

Subscription Tiers

Analysts Free Edition

Access to all intelligence feeds
Basic filtering and search
Standard export options
Community support

Professional Suite (Premium Edition)

Everything in Free Edition
Advanced analytics and visualizations
Priority support
API access
Custom alerting
Extended data retention

Payment Gateway Coming Soon: ICS Dossier™ is implementing a secure payment gateway to streamline upgrades to the Professional Suite. Free users will be able to easily upgrade to access premium features.

12Terms of Use

Important Legal Information: By accessing and using ICS Dossier™ Pro Suite, you agree to be bound by these Terms of Use. Please read them carefully.

License and Access

Something You Know™ grants you a limited, non-exclusive, non-transferable, revocable license to access and use ICS Dossier™ Pro Suite for your internal security and intelligence purposes only.

Permitted Uses:

Accessing threat intelligence for cybersecurity defense purposes
Conducting security research and analysis
Generating reports for internal security operations
Sharing intelligence within your organization (subject to subscription level)

Prohibited Uses:

Redistributing, reselling, or sublicensing the Service or its data
Using automated tools to scrape, harvest, or extract data beyond normal usage
Attempting to reverse engineer, decompile, or disassemble the Service
Accessing the Service to build a competitive product or service
Using the Service for any illegal or unauthorized purpose

Limitation of Liability

IMPORTANT LEGAL NOTICE

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

NO WARRANTIES: The Service is provided "AS IS" and "AS AVAILABLE" without warranties of any kind
NO LIABILITY FOR DAMAGES: Something You Know™ shall not be liable for any indirect, incidental, special, consequential, or punitive damages
NO LIABILITY FOR SECURITY DECISIONS: We are not liable for any security breaches, incidents, or damages resulting from decisions made based on intelligence provided

Contact for Terms Questions

If you have questions about these Terms of Use, please contact us at:

Email: dossier@somethingyouknow.io
Subject Line: "Terms of Use Inquiry"

Last Updated: December 2024
Effective Date: Upon access or use of ICS Dossier™ Pro Suite

13Support & Feedback

Need Help?

For support, questions, or technical issues, contact us at:

dossier@somethingyouknow.io

What to Include in Support Requests

A clear description of your question or issue
Screenshots if applicable
Your account type (Free or Professional)
Browser and version you're using

Feedback

We continuously improve ICS Dossier™ based on user feedback. Please share your suggestions for:

New features you'd like to see
Additional intelligence sources to integrate
User interface improvements
Documentation enhancements

⚡ ICS Dossier™ Pro Suite

1Dashboard Overview

What is the Main View?

2Navigation & Sidebar

Dashboard

Start Tour NEW in v5.6

Glossary

Account Home

About

User Guide

Contact

Exit Dashboard

3Using Filters

Category Filters

Country Filter

Target Filter

Attacker Filter

Relevance Score Filter

4Understanding the Charts

Category Distribution Chart

By Country Chart

By Target Chart

By Attacker Chart

5Control Buttons

Visualize Button UPDATED in v5.6

Pre-Sorted Views Dropdown

Reset Main View Button

6Selecting and Managing Events

Event Card Contents

How to Select Events

Why Select Events?

7Export Functions

Select All Button

Clear All Button

CSV Export Button

Markdown Export Button

PDF Export Button

ePUB Export Button

Workflow Example

8Search Functionality

Search Tips

9Glossary

10Tips & Best Practices

Daily Workflow Recommendations

Export Strategy

11Account Home

Subscription Tiers

Analysts Free Edition

Professional Suite (Premium Edition)

12Terms of Use

License and Access

Permitted Uses:

Prohibited Uses:

Limitation of Liability

Contact for Terms Questions

13Support & Feedback

Need Help?

What to Include in Support Requests

Feedback