- Dashboards
- Navigation Overview
- View and Interact with Dashboards
- View and Interact with Visualizations
- User Management
- Configure and Manage Dashboards
- Create a Dashboard
- Add a Visualization to a Dashboard
- Add a Text Tile
- Modify a Dashboard Layout
- Add Dashboard Filters
- Manage Automatic Refresh Rates
- Create a Scheduled Report
- Make a Dashboard Public
- Export and Import Dashboards
- Edit Dashboard Filters
- Edit Dashboard Details
- Duplicate a Dashboard
- Delete a Dashboard
- Configure and Manage Visualizations
- Create a Visualization
- Auto-Create a Visualization from a Natural Language Prompt
- Create a Visualization from a Search Query
- Add Visualizations from the Library to a Dashboard
- Modify a Visualization
- Configure Visualization Query Filters
- Include Context Filtering in Visualizations
- Make a Visualization Public
- Export and Import Visualizations
- Duplicate a Visualization
- Remove a Visualization from a Dashboard
- Delete Visualizations from the Library
- Configure and Manage Scheduled Reports
- Pre-Built Dashboards
- Advanced Analytics Dashboards
- AI/LLM Dashboards
- Case Manager Dashboards
- Compliance Dashboards
- Correlation Rules Dashboards
- Event Store Dashboards
- Access Grant and Revoke Activity
- Account Logout Summary
- Account Management Activity
- Application Security Event Summary
- Authenticated User Accounts on Hosts
- AWS CloudTrail Summary
- Data Loss Prevention Activity – Host-Based
- Data Loss Prevention Activity – User-Based
- Data Loss Prevention Activity Summary
- Default Account Access
- Default Credential Usage and Change Activity
- Denied Web Access Activity
- Disabled User Account Summary
- Discovered Attacks by Source and Destination
- Endpoint Detection and Response
- Failed Application Logon Activity
- Failed Audit Logs Summary
- Failed Host Login Attempt Counts by Users
- Failed VPN Login Attempts and Remote Session Timeouts
- Firewall Activity
- Firewall and Router Device Interfaces
- IOC Statistics
- Insecure Authentication Attempts
- Log Delay Insights
- Microsoft 365 Summary
- Microsoft Windows Overview
- Network Applications by Traffic Volume
- Policy Activity Summary
- Ports Usage Trend
- Privileged Access
- Privileged Access – User-Based
- Protocols by Network Traffic
- Remote Session Overview
- Security Alert Summary – Impacted Hosts
- Security Alert Summary – Origin Hosts
- Security Alert Summary – Users
- Successful Application Logon Activity
- Successful Database Login Activity
- Successful Physical Access
- Top Attackers
- User Account Creation Summary
- User Account Lockout Activity
- Vendor Authentication Activity
- Windows Audit Failure Summary by Hosts
- Windows Audit Failure Summary by Users
- Windows User Privilege Elevation
- Zscaler HTTP Dashboard
- Security Operations Center Management Dashboards
- Threat Center Dashboards
- Pre-Built Visualizations
- Anomalies - Use Case & MITRE Coverage
- Anomalies by Rule Name
- Anomalies by Use Case
- Anomalies Count Over Time
- Anomaly Distribution by MITRE Tactic & Score
- Application Count
- Closed Incidents
- Correlation Rules by Severity
- Correlation Rules Triggered Over Time
- Detected Anomalies
- Host-Based DLP Alerts Count
- Incidents Created
- Incident Summary by Incident Type
- Number of Hosts with DLP Alerts
- SOC Incident Distribution
- Top 5 Host-Based DLP Alert Categories
- Top 5 Protocols in Host-Based DLP Alerts
- Top 10 Host-Based DLP Alert Types
- Top 10 Hosts with DLP Alerts
- Top Activities per Top 10 Applications
- Top Users per Top 10 Applications
- Trend of Application Security Events
Anomalies
The Anomalies dashboard features three visualizations: Anomalies by use case, Anomalies count over time, and Anomalies by rule name.
Dashboard Filters
You can filter the dashboard visualizations by time, rule names, risk scores, and trigger counts.
To set the filters:
Click the drop-down icon on the right.
Change any of the following filters:
Approx Log Time – Select an operator from the first drop-down menu. Options include is in the last, is on the day, is in the range. Enter or select values in the adjacent fields to complete the filter configuration.
Note
The default setting for Approx Log Time is in the last seven days.
Rule Name – select an operator from the first drop-down menu, and then enter a rule name in the field on the right. To add a condition to the filter, click the plus icon
to the right of the filter. A new condition row is added. Select an operator and complete the fields as needed.
Score – Click and move the handles at the left and right ends of the slider bar to set the score range. The available range is from 0 to 100.
Trigger Count – Click and move the handles at the left and right ends of the slider bar to set the range of trigger counts. The available range is from 0 to 10,000.
Click Apply. The updated filters are applied to the visualizations on the dashboard.
Anomalies by Use Case
This heat map breaks down the number of anomalies by use case over the selected time range. Darker shading indicates a greater number of use cases. To drill down into a graph value and open a list of the represented entities and their counts, click a graph square and then click Show All [n].

Anomalies Count Over Time
This area chart represents the count changes of the different anomaly types over the selected time range. Move your pointer over a graph area to highlight it and display the data points. To drill into a data point value and open a list of the represented entities and their counts, click a data point and then click Show All [n].

Anomalies by Rule Name
This table breaks down the anomalies by rule name. It shows the number of anomalies per rule name, and provides details on the following: Rule ID, Rule Name, Score, Use Case, MITRE Tag, and Count. To drill down into a rule count value and open a list of the entities represented and their creation times, click a value in the Count column and then click Show All [n].
