Discovered Attacks by Source and Destination Dashboard

This dashboard provides an overview of discovered attacks by their sources and destinations.

Note

This dashboard can assist you in complying with the following regulatory requirements: PCI 10.6, NIST 800-53 SI-4, NIST 800-53 AU-6, NIST 800-53 AU-6(3), PCI 12.10.5, PCI 11.4.a, CJIS 5.10.1.3, NIST 800-53 SI-4(4), HIPAA 164.308-(a)(1), CJIS 5.4.3, NIST 800-53 SI-4(5), NIST 800-53 SI-4(7), TSC SOC2 7.1.1, NIST 800-53 SI-4(16), NIST 800-53 SI-4(17), NIST 800-53 SI-4(24).

Time Range Filter

The Event : Approx Log Time filter sets the time range for the event data. The default setting is in the last 7 days. You can update this filter with a wide range of customizable settings.

To update the time range filter, click the arrow on the right, under the Edit button, to expand the filters panel. In the Event : Approx Log Time filter, select an operator from the first drop-down menu and then enter or select values in the subsequent fields, depending on the operator you selected. To save your filter changes, click Apply on the right side of the filter panel. The updated filter is applied to the visualization.

Discovered Attacks Count

This single value bar chart displays the number of unique attacks within the selected time range.

Discovered Attacks by Destination

This column chart displays the event counts of the top 10 destinations in discovered attacks. To view the values represented in the columns, hover your pointer over them. To view the underlying events of a value, click the column, and then click Show Results in Search.

Discovered Attacks by Source

This column chart displays the event counts of the top 10 sources in discovered attacks. To view the values represented in the columns, hover your pointer over them. To view the underlying events of a value, click the column, and then click Show Results in Search.

Top 10 Discovered Attacks

This table shows the event details for the top 10 discovered attacks in terms of shared source host, source IP, destination host, destination IP, and alert name values. Click the heading of the column that you want to sort the data by. Click the arrow icon to change between ascending and descending order. You may need to use the scroll bar on the right to view all the table rows.

To view the underlying events of a discovered attack, click its count value, and then click Show Results in Search.