- Dashboards
- Navigation Overview
- View and Interact with Dashboards
- View and Interact with Visualizations
- User Management
- Configure and Manage Dashboards
- Create a Dashboard
- Add a Visualization to a Dashboard
- Add a Text Tile
- Modify a Dashboard Layout
- Add Dashboard Filters
- Manage Automatic Refresh Rates
- Create a Scheduled Report
- Make a Dashboard Public
- Export and Import Dashboards
- Edit Dashboard Filters
- Edit Dashboard Details
- Duplicate a Dashboard
- Delete a Dashboard
- Configure and Manage Visualizations
- Create a Visualization
- Auto-Create a Visualization from a Natural Language Prompt
- Create a Visualization from a Search Query
- Add Visualizations from the Library to a Dashboard
- Modify a Visualization
- Configure Visualization Query Filters
- Include Context Filtering in Visualizations
- Make a Visualization Public
- Export and Import Visualizations
- Duplicate a Visualization
- Remove a Visualization from a Dashboard
- Delete Visualizations from the Library
- Configure and Manage Scheduled Reports
- Pre-Built Dashboards
- Advanced Analytics Dashboards
- AI/LLM Dashboards
- Case Manager Dashboards
- Compliance Dashboards
- Correlation Rules Dashboards
- Event Store Dashboards
- Access Grant and Revoke Activity
- Account Logout Summary
- Account Management Activity
- Application Security Event Summary
- Authenticated User Accounts on Hosts
- AWS CloudTrail Summary
- Data Loss Prevention Activity – Host-Based
- Data Loss Prevention Activity – User-Based
- Data Loss Prevention Activity Summary
- Default Account Access
- Default Credential Usage and Change Activity
- Denied Web Access Activity
- Disabled User Account Summary
- Discovered Attacks by Source and Destination
- Endpoint Detection and Response
- Failed Application Logon Activity
- Failed Audit Logs Summary
- Failed Host Login Attempt Counts by Users
- Failed VPN Login Attempts and Remote Session Timeouts
- Firewall Activity
- Firewall and Router Device Interfaces
- IOC Statistics
- Insecure Authentication Attempts
- Log Delay Insights
- Microsoft 365 Summary
- Microsoft Windows Overview
- Network Applications by Traffic Volume
- Policy Activity Summary
- Ports Usage Trend
- Privileged Access
- Privileged Access – User-Based
- Protocols by Network Traffic
- Remote Session Overview
- Security Alert Summary – Impacted Hosts
- Security Alert Summary – Origin Hosts
- Security Alert Summary – Users
- Successful Application Logon Activity
- Successful Database Login Activity
- Successful Physical Access
- Top Attackers
- User Account Creation Summary
- User Account Lockout Activity
- Vendor Authentication Activity
- Windows Audit Failure Summary by Hosts
- Windows Audit Failure Summary by Users
- Windows User Privilege Elevation
- Zscaler HTTP Dashboard
- Security Operations Center Management Dashboards
- Threat Center Dashboards
- Pre-Built Visualizations
- Anomalies - Use Case & MITRE Coverage
- Anomalies by Rule Name
- Anomalies by Use Case
- Anomalies Count Over Time
- Anomaly Distribution by MITRE Tactic & Score
- Application Count
- Closed Incidents
- Correlation Rules by Severity
- Correlation Rules Triggered Over Time
- Detected Anomalies
- Host-Based DLP Alerts Count
- Incidents Created
- Incident Summary by Incident Type
- Number of Hosts with DLP Alerts
- SOC Incident Distribution
- Top 5 Host-Based DLP Alert Categories
- Top 5 Protocols in Host-Based DLP Alerts
- Top 10 Host-Based DLP Alert Types
- Top 10 Hosts with DLP Alerts
- Top Activities per Top 10 Applications
- Top Users per Top 10 Applications
- Trend of Application Security Events
SOC Overview
This pre-built dashboard provides security operation center (SOC) administrators and security leaders with an overview of the entire security posture of their enterprise. It includes dashboards that allow administrators and CISOs to quickly visualize the overall status of their SOC operations and identify areas that need attention.
Note
This dashboard is available with the following licenses:
Exabeam Security Investigation
Exabeam Security Analytics
Exabeam Fusion
New-Scale Analytics
New-Scale Fusion
The dashboard includes charts that visualize various aspects of incidents, anomalies, and correlation rules. By default it includes three filters that filter the data displayed to the last seven days. It contains filters for incident create date, anomaly approx log date, and correlation rules approx log date.
To modify the filters, click the expand arrow (
) at the far right of the Filters applied panel. When the panel fully expands, click in a filter field and select a different preset time range or define a custom range.
The sections below described each visualization included on the dashboard.
Incidents Created
This single value bar chart displays the total number of incidents created during the specified time range.
Closed Incidents
This single value bar chart displays the total number of incidents closed during the specified time range.
Detected Anomalies
This single value bar chart displays the total number of anomalies detected during the specified time range.
SOC Incident Distribution
This heat map breaks down the count of new incidents per assignee. Darker shading on the map indicates a greater number of incidents. To display more information about a graph value, hover your pointer over a specific square, as shown in the image below.
Incident Summary by Incident Type
This coverage map shows the distribution of incidents by incident types. The numbers on the squares indicate the number of times that the incident has occurred, and the different colors represent number ranges that are given in the legend. Hover your pointer over the squares to display the incident names.
Correlation Rules by Severity
This pie chart illustrates the count proportions of the alerts triggered by correlations rules, grouped by severity. To view the represented values, hover your pointer over the graph slices, as shown in the image below.
Anomaly Distribution by MITRE Tactic & Score
This bubble chart shows the distribution of anomalies by MITRE tactic and risk score. The MITRE tactics are listed on the left and the possible scores are listed along the bottom. The size of the bubbles is relative based on the number of anomalies detected for a specific MITRE tactic. To view the values represented in each bubble, hover your pointer over it as shown in the image below.
Correlation Rule Triggered Over Time
This area chart represents the count changes of the different correlation rules triggered over the selected time range. Each correlation rule is represented by a color, as shown in the legend below the chart. Hover your pointer over a graph area to highlight it and display the data points. When you hover over a data point, you can information about it, such as the approx log date and number of times it was triggered.
Anomalies – Use Case & MITRE Coverage
This coverage map shows the distribution of detected anomalies by use case and MITRE tactics. The numbers on the squares indicate the number of times that the anomaly was detected, and the different colors represent number ranges that are given in the legend. Hover your pointer over the squares to display the use cases and MITRE tactics.
