- Dashboards
- Navigation Overview
- View and Interact with an Open Dashboard
- View and Interact with an Open Visualization
- User Management
- Configure and Manage Dashboards
- Create a Dashboard
- Add a Visualization to a Dashboard
- Add a Text Tile
- Modify a Dashboard Layout
- Add Dashboard Filters
- Manage Automatic Refresh Rates
- Create a Scheduled Report
- Make a Dashboard Public
- Export and Import Dashboards
- Edit Dashboard Filters
- Edit Dashboard Details
- Duplicate a Dashboard
- Delete a Dashboard
- Configure and Manage Visualizations
- Create a Visualization Using the Basic Method
- Auto-Create a Visualization from a Natural Language Prompt
- Create a Visualization from a Search Query
- Add Visualizations from the Library to a Dashboard
- Modify a Visualization
- Configure Visualization Query Filters
- Include Context Filtering in Visualizations
- Make a Visualization Public
- Export and Import Visualizations
- Duplicate a Visualization
- Remove a Visualization from a Dashboard
- Delete Visualizations from the Library
- Configure and Manage Scheduled Reports
- Pre-Built Dashboards
- Advanced Analytics Dashboards
- AI/LLM Dashboards
- Case Manager Dashboards
- Compliance Dashboards
- Correlation Rules Dashboards
- Event Store Dashboards
- Access Grant and Revoke Activity
- Account Logout Summary
- Account Management Activity
- Application Security Event Summary
- Authenticated User Accounts on Hosts
- AWS CloudTrail Summary
- Data Loss Prevention Activity – Host-Based
- Data Loss Prevention Activity – User-Based
- Data Loss Prevention Activity Summary
- Default Account Access
- Default Credential Usage and Change Activity
- Denied Web Access Activity
- Disabled User Account Summary
- Discovered Attacks by Source and Destination
- Endpoint Detection and Response
- Failed Application Logon Activity
- Failed Audit Logs Summary
- Failed Host Login Attempt Counts by Users
- Failed VPN Login Attempts and Remote Session Timeouts
- Firewall Activity
- Firewall and Router Device Interfaces
- Insecure Authentication Attempts
- IOC Statistics
- Log Delay Insights
- Microsoft 365 Summary
- Microsoft Windows Overview
- Network Applications by Traffic Volume
- Policy Activity Summary
- Ports Usage Trend
- Privileged Access
- Privileged Access – User-Based
- Project Collateral
- Protocols by Network Traffic
- Remote Session Overview
- Security Alert Summary – Impacted Hosts
- Security Alert Summary – Origin Hosts
- Security Alert Summary – Users
- Successful Application Logon Activity
- Successful Database Login Activity
- Successful Physical Access
- Top Attackers
- User Account Creation Summary
- User Account Lockout Activity
- Vendor Authentication Activity
- Windows Audit Failure Summary by Hosts
- Windows Audit Failure Summary by Users
- Windows User Privilege Elevation
- Zscaler HTTP Dashboard
- Security Operations Center Management Dashboards
- Threat Center Dashboards
- Pre-Built Visualizations
- Agentic AI - Result
- Agentic AI - Violations
- Agentic AI by App ID
- Agentic AI Usage by Host
- Agentic AI Users - Blicked/Allowed
- Anomalies - Use Case & MITRE Coverage
- Anomalies by Rule Name
- Anomalies by Use Case
- Anomalies Count Over Time
- Anomaly Distribution by MITRE Tactic & Score
- Application Count
- Closed Incidents
- Correlation Rules by Severity
- Correlation Rules Triggered Over Time
- Detected Anomalies
- Host-Based DLP Alerts Count
- Incidents Created
- Incident Summary by Incident Type
- Number of Hosts with DLP Alerts
- SOC Incident Distribution
- Top 5 Host-Based DLP Alert Categories
- Top 5 Protocols in Host-Based DLP Alerts
- Top 10 Host-Based DLP Alert Types
- Top 10 Hosts with DLP Alerts
- Top Activities per Top 10 Applications
- Top Users per Top 10 Applications
- Trend of Application Security Events
Modify a Visualization
There are multiple ways to begin editing an existing visualization, depending on where you start from, and whether or not the visualization is already included in the visualization library or on any dashboards.
Access the visualization you want to modify in one of the following ways:
Not included on a dashboard – If the visualization is not yet part of any dashboards, navigate to the Visualizations tab. Depending on your viewing mode, locate the row or tile of the visualization you want to edit and either click it or click the options menu icon (
) and select Edit Visualization. When the visualization opens, click Edit in the top right. The Create a Custom Visualization page opens. Skip Step 2 and continue with Step 3.Included on a dashboard – If the visualization is already included on one or more dashboards you can access the visualization for editing from either the Visualizations tab or from within a specific dashboard:
From the Visualizations tab – Locate the row or tile of the visualization and do one of the following:
Click to open it and then click the Edit button. A selection dialog box opens. Continue with Step 2.
Click the options menu icon (
) and select Edit Visualization. A selection dialog box opens. Continue with Step 2.
From within a dashboard – Click Edit to enter the dashboard edit mode. Locate the tile of the visualization on the dashboard, click the options menu icon (
) in the top right corner of the tile, and select Edit. A selection dialog box opens. Continue with Step 2.
In the selection dialog box, choose one of the methods below to handle editing a visualization that is included on one or more dashboards. To see a list of the dashboards the visualization is linked to, click Show linked dashboards icon (
) at the bottom of the dialog box.Edit on all dashboards – Edit the visualization so that it's updated on all of the dashboards it's linked to. Click this option and the Create a Custom Visualization page opens in the Basic editing mode.
Copy and edit – Make a copy of the visualization and update the copy. Click this option and the Create a Custom Visualization page opens in Basic editing mode with a copy of the visualization in the preview. The original visualization is not affected by any subsequent editing.
Unlink and edit – Unlink the visualization from some or all of its linked dashboards before updating. Click this option and a new dialog box lists all of the dashboards the visualization is included on. Click Unlink next to each dashboard you want to remove the visualization from. Then click Continue to Edit. The Create a Custom Visualization page opens in Basic editing mode.
When the Create a Custom Visualization page opens, you do any of the following to modify the visualization in Basic mode:
In the Data panel on the left, modify the Fields selected for visualization or you can select a Metric other than
count.In the Filters panel, you can modify (but not remove) any Required Filters. You can also change or add your own Query Filters.
In the Appearance panel, you can update the Title of the visualization or modify the Chart Type selection.
For detailed information about the Basic visualization authoring procedure, see Create a Visualization Using the Basic Method.
To view the results of your modifications, click Update Preview to regenerate the data and the chart preview on the right side of the page.
When you're satisfied with the custom visualization, click Save Visualization.