- Dashboards
- Navigation Overview
- View and Interact with Dashboards
- View and Interact with Visualizations
- User Management
- Configure and Manage Dashboards
- Create a Dashboard
- Add a Visualization to a Dashboard
- Add a Text Tile
- Modify a Dashboard Layout
- Add Dashboard Filters
- Manage Automatic Refresh Rates
- Create a Scheduled Report
- Make a Dashboard Public
- Export and Import Dashboards
- Edit Dashboard Filters
- Edit Dashboard Details
- Duplicate a Dashboard
- Delete a Dashboard
- Configure and Manage Visualizations
- Create a Visualization
- Auto-Create a Visualization from a Natural Language Prompt
- Create a Visualization from a Search Query
- Add Visualizations from the Library to a Dashboard
- Modify a Visualization
- Configure Visualization Query Filters
- Include Context Filtering in Visualizations
- Make a Visualization Public
- Export and Import Visualizations
- Duplicate a Visualization
- Remove a Visualization from a Dashboard
- Delete Visualizations from the Library
- Configure and Manage Scheduled Reports
- Pre-Built Dashboards
- Advanced Analytics
- AI/LLM Dashboards
- Threat Center
- Case Manager
- Compliance / Event Store
- Access Grant and Revoke Activity Dashboard
- Account Logout Summary Dashboard
- Account Management Activity Dashboard
- Application Security Event Summary Dashboard
- Authenticated User Accounts on Hosts Dashboard
- AWS CloudTrail Summary Dashboard
- Data Loss Prevention Activity Dashboard – Host-Based
- Data Loss Prevention Activity Dashboard – User-Based
- Data Loss Prevention Activity Summary Dashboard
- Default Account Access Dashboard
- Default Credential Usage and Change Activity Dashboard
- Denied Web Access Activity Dashboard
- Disabled User Account Summary Dashboard
- Discovered Attacks by Source and Destination Dashboard
- Endpoint Detection and Response Dashboard
- Failed Application Logon Activity Dashboard
- Failed Audit Logs Summary Dashboard
- Failed Host Login Attempt Counts by Users Dashboard
- Failed VPN Login Attempts and Remote Session Timeouts Dashboard
- Firewall Activity Dashboard
- Firewall and Router Device Interfaces Dashboard
- Indicator of Compromise (IOC) Statistics Dashboard
- Insecure Authentication Attempts Dashboard
- Microsoft 365 Summary Dashboard
- Microsoft Windows Overview Dashboard
- Network Applications by Traffic Volume Dashboard
- Policy Activity Summary Dashboard
- Port Usage Trends Dashboard
- Privileged Access Dashboard
- Privileged Access Dashboard – User-Based
- Protocols by Network Traffic Dashboard
- Remote Session Overview Dashboard
- Security Alert Summary Dashboard – Impacted Hosts
- Security Alert Summary Dashboard – Origin Hosts
- Security Alert Summary Dashboard – Users
- Successful Application Logon Activity Dashboard
- Successful Database Login Activity Dashboard
- Successful Physical Access Dashboard
- Top Attackers Dashboard
- User Account Creation Summary Dashboard
- User Account Lockout Activity Dashboard
- Vendor Authentication Activity Dashboard
- Windows Audit Failure Summary by Hosts Dashboard
- Windows Audit Failure Summary by Users Dashboard
- Windows User Privilege Elevation Dashboard
- Zscaler HTTP Dashboard
- Correlation Rules
- SOC Management
- Pre-Built Visualizations
- Anomalies - Use Case & MITRE Coverage
- Anomalies by Rule Name
- Anomalies by Use Case
- Anomalies Count Over Time
- Anomaly Distribution by MITRE Tactic & Score
- Application Count
- Closed Incidents
- Correlation Rules by Severity
- Correlation Rules Triggered Over Time
- Detected Anomalies
- Host-Based DLP Alerts Count
- Incidents Created
- Incident Summary by Incident Type
- Number of Hosts with DLP Alerts
- SOC Incident Distribution
- Top 5 Host-Based DLP Alert Categories
- Top 5 Protocols in Host-Based DLP Alerts
- Top 10 Host-Based DLP Alert Types
- Top 10 Hosts with DLP Alerts
- Top Activities per Top 10 Applications
- Top Users per Top 10 Applications
- Trend of Application Security Events
Anomalies Dashboard
The Anomalies dashboard features three visualizations: Anomalies by use case, Anomalies count over time, and Anomalies by rule name.
Dashboard Filters
You can filter the dashboard visualizations by incident creation times, rule names, and risk scores.
To set the filters:
Click the drop-down icon on the right.
Do any of the following:
To set the Incident Creation Time filter, select an operator from the first drop-down menu, and then enter or select values in the adjacent fields to complete the filter phrase.
To add an additional filter phrase, click the plus icon.
Note
The default setting for Incident Creation Time is in the last seven days.
To set the Rule Name filter, select an operator from the first drop-down menu, and then enter a rule name in the field on the right. To add an additional filter phrase, click the plus icon
.
To add an additional filter phrase, click the plus icon and complete the fields as needed.
To set the Score filter, drag the handles at the ends of the slider bar to set a score range.
Click Apply.
The updated filter is applied to the visualizations.
Anomalies by Use Case
This heat map breaks down the number of anomalies by use case over the selected time range. Darker shading indicates a greater number of use cases. To drill down into a graph value and get a list of the represented entities and their respective counts, click the graph square, and then click Show All [n].
Anomalies Count Over Time
This area chart represents the count changes of the different anomaly types over the selected time range. Move your pointer over a graph area to highlight it and display the data points, which you can then click to view their count values and drill down into the data. To view the individual entities represented and their creation times, click the anomaly's count value, and then click Show All [n].
Anomalies by Rule Name
This table breaks down the anomalies by rule name. It shows the number of anomalies per rule name, and provides details on the following: Rule ID, rule reason, score, use case, and MITRE tag. To drill down into a rule name and display the entities represented and their creation times, click the count value, and then click Show All [n].
