- Dashboards
- Navigation Overview
- View and Interact with Dashboards
- View and Interact with Visualizations
- User Management
- Configure and Manage Dashboards
- Create a Dashboard
- Add a Visualization to a Dashboard
- Add a Text Tile
- Modify a Dashboard Layout
- Add Dashboard Filters
- Manage Automatic Refresh Rates
- Create a Scheduled Delivery
- Make a Dashboard Public
- Export and Import Dashboards
- Edit Dashboard Filters
- Edit Dashboard Details
- Duplicate a Dashboard
- Delete a Dashboard
- Configure and Manage Visualizations
- Create a Visualization
- Auto-Create a Visualization from a Natural Language Prompt
- Add Visualizations from the Library to a Dashboard
- Create a Visualization from a Search Query
- Modify a Visualization
- Configure Visualization Query Filters
- Include Context Filtering in Visualizations
- Make a Visualization Public
- Export and Import Visualizations
- Duplicate a Visualization
- Remove a Visualization from a Dashboard
- Delete Visualizations from the Library
- Pre-Built Dashboards
- Advanced Analytics
- Threat Center
- Case Manager
- Compliance / Event Store
- Access Grant and Revoke Activity Dashboard
- Account Logout Summary Dashboard
- Account Management Activity Dashboard
- Application Security Event Summary Dashboard
- Authenticated User Accounts on Hosts Dashboard
- AWS CloudTrail Summary Dashboard
- Data Loss Prevention Activity Dashboard – Host-Based
- Data Loss Prevention Activity Dashboard – User-Based
- Data Loss Prevention Activity Summary Dashboard
- Default Account Access Dashboard
- Default Credential Usage and Change Activity Dashboard
- Denied Web Access Activity Dashboard
- Disabled User Account Summary Dashboard
- Discovered Attacks by Source and Destination Dashboard
- Endpoint Detection and Response Dashboard
- Failed Application Logon Activity Dashboard
- Failed Audit Logs Summary Dashboard
- Failed Host Login Attempt Counts by Users Dashboard
- Failed VPN Login Attempts and Remote Session Timeouts Dashboard
- Firewall Activity Dashboard
- Firewall and Router Device Interfaces Dashboard
- Indicator of Compromise (IOC) Statistics Dashboard
- Insecure Authentication Attempts Dashboard
- Microsoft 365 Summary Dashboard
- Microsoft Windows Overview Dashboard
- Network Applications by Traffic Volume Dashboard
- Policy Activity Summary Dashboard
- Port Usage Trends Dashboard
- Privileged Access Dashboard
- Privileged Access Dashboard – User-Based
- Protocols by Network Traffic Dashboard
- Remote Session Overview Dashboard
- Security Alert Summary Dashboard – Impacted Hosts
- Security Alert Summary Dashboard – Origin Hosts
- Security Alert Summary Dashboard – Users
- Successful Application Logon Activity Dashboard
- Successful Database Login Activity Dashboard
- Successful Physical Access Dashboard
- Top Attackers Dashboard
- User Account Creation Summary Dashboard
- User Account Lockout Activity Dashboard
- Vendor Authentication Activity Dashboard
- Windows Audit Failure Summary by Hosts Dashboard
- Windows Audit Failure Summary by Users Dashboard
- Windows User Privilege Elevation Dashboard
- Zscaler HTTP Dashboard
- Correlation Rules
- SOC Management
- Pre-Built Visualizations
- Anomalies - Use Case & MITRE Coverage
- Anomalies by Rule Name
- Anomalies by Use Case
- Anomalies Count Over Time
- Anomaly Distribution by MITRE Tactic & Score
- Application Count
- Closed Incidents
- Correlation Rules by Severity
- Correlation Rules Triggered Over Time
- Detected Anomalies
- Host-Based DLP Alerts Count
- Incidents Created
- Incident Summary by Incident Type
- Number of Hosts with DLP Alerts
- SOC Incident Distribution
- Top 5 Host-Based DLP Alert Categories
- Top 5 Protocols in Host-Based DLP Alerts
- Top 10 Host-Based DLP Alert Types
- Top 10 Hosts with DLP Alerts
- Top Activities per Top 10 Applications
- Top Users per Top 10 Applications
- Trend of Application Security Events
Failed VPN Login Attempts and Remote Session Timeouts Dashboard
This dashboard provides an overview of failed VPN login attempts and remote session timeouts in your organization.
Note
This dashboard can assist you in complying with the following regulatory requirements: NIST 800-53 SI-4, NIST 800-53 AC-3, NIST 800-53 AC-5, NIST 800-53 AC-6, NIST 800-53 CM-5(1), NIST 800-53 AC-2(12), PCI 12.3.8, NIST 800-53 AC-20, NIST 800-53 AC-17, PMC 6.1, NIST 800-53 IA-2, TSC SOC2 CC6.6.4, ISO 27001 A.6.2.2, CJIS 5.5.6, NIST 800-53 AC-17(1).
Time Range Filter
The Event : Approx Log Time filter sets the time range for the event data. The default setting is in the last 7 days. You can update this filter with a wide range of customizable settings.
To update the time range filter, click the arrow (
) on the right, under the Edit button, to expand the filters panel. In the Event : Approx Log Time filter, select an operator from the first drop down menu and then enter or select values in the subsequent fields, depending on the operator you selected. To save your filter changes, click Apply on the right side of the filter panel. The updated filter is applied to the visualization.
Number of Users with Failed VPN Login Attempts
This single value bar chart displays the total number of unique users with failed audit activities during the selected time range.
Trends for the Number of Users with Failed VPN Login Attempts
This line graph shows the count trends for unique users with failed VPN login attempts. To view the values represented in the chart, move your pointer over the graph line and hover on the data points. To view the underlying events of a value, click the data point, and then click Show Results in Search.
Top 10 Users with Failed VPN Login Attempts
This bar chart displays the event counts for the top 10 users with the most failed login attempts. To view the values represented in the bars, hover your pointer over them. To view the underlying events of a value, click the bar, and then click Show Results in Search.
Failed VPN Login Attempt Trends
This line graph shows the count trends for VPN login attempts. To view the values represented in the chart, move your pointer over the graph line and hover on the data points. To view the underlying events of a value, click the data point, and then click Show Results in Search.
Top 10 Source IPs of Failed Login Attempts
This Sankey chart breaks down the event counts for the top 10 source IPs with the most failed login attempts and shows the users connected to them. The left side of the chart shows the source IP addresses; the right side shows the users. To highlight the links between the source IPs and the users and view their count values, hover your pointer over the links.
Top 10 Reasons for Failed VPN Logins
This pie chart illustrates the count proportions of the top 10 reasons for failed VPN logins. To view the represented values, hover your pointer over the graph slices. To view the underlying events of a value, click the graph slice, and then click Show Results in Search.
Failed VPN Login Events
This table displays the raw log data of the last 20 failed VPN login events. To view all the table rows, use the scroll bar on the right.
VPN Logout Events
This table displays the raw log data of the last 20 VPN logout events. To view all the table rows, use the scroll bar on the right.