Skip to main content

DashboardDashboards Guide

Anomalies Dashboard

The Anomalies dashboard features three visualizations: Anomalies by use case, Anomalies count over time, and Anomalies by rule name.

Dashboard Filters

You can filter the dashboard visualizations by time, rule names, risk scores, and trigger counts.

To set the filters:

  1. Click the drop-down icon on the right.

    Anomalies-Dropdown-Icon.png
  2. Change any of the following filters:

    • Approx Log Time – Select an operator from the first drop-down menu. Options include is in the last, is on the day, is in the range. Enter or select values in the adjacent fields to complete the filter configuration.

      Incident-Creation-Time.png

      Note

      The default setting for Approx Log Time is in the last seven days.

    • Rule Name – select an operator from the first drop-down menu, and then enter a rule name in the field on the right. To add a condition to the filter, click the plus icon Filter-Plus-Icon.png to the right of the filter. A new condition row is added. Select an operator and complete the fields as needed.

      Rule-Name-Filter.png
    • Score – Click and move the handles at the left and right ends of the slider bar to set the score range. The available range is from 0 to 100.

      Score-Filter.png
    • Trigger Count – Click and move the handles at the left and right ends of the slider bar to set the range of trigger counts. The available range is from 0 to 10,000.

      anomalies-trigger-count.png
  3. Click Apply. The updated filters are applied to the visualizations on the dashboard.

    anomalies-filters.png

Anomalies by Use Case

This heat map breaks down the number of anomalies by use case over the selected time range. Darker shading indicates a greater number of use cases. To drill down into a graph value and open a list of the represented entities and their counts, click a graph square and then click Show All [n].

anomalies-by-use-case.png

Anomalies Count Over Time

This area chart represents the count changes of the different anomaly types over the selected time range. Move your pointer over a graph area to highlight it and display the data points. To drill into a data point value and open a list of the represented entities and their counts, click a data point and then click Show All [n].

Anomalies-Count-Over-Time.png

Anomalies by Rule Name

This table breaks down the anomalies by rule name. It shows the number of anomalies per rule name, and provides details on the following: Rule ID, Rule Name, Score, Use Case, MITRE Tag, and Count. To drill down into a rule count value and open a list of the entities represented and their creation times, click a value in the Count column and then click Show All [n].

Anomalies-By-Rule-Name.png