
Dashboards Guide

Security Operation Center Overview Dashboard

This pre-built dashboard gives security operations center (SOC) administrators and security leaders an overview of the security posture of their entire enterprise. Its visualizations allow administrators and CISOs to quickly see the overall status of their SOC operations and identify areas that need attention.

Note

This dashboard is available with the following licenses:

  • Exabeam Security Investigation

  • Exabeam Security Analytics

  • Exabeam Fusion

The dashboard includes charts that visualize various aspects of incidents, anomalies, and correlation rules. By default it includes three filters that limit the displayed data to the last seven days: incident create date, anomaly approx log date, and correlation rules approx log date.

To modify the filters, click the expand arrow at the far right of the Filters applied panel. When the panel fully expands, click in a filter field and select a different preset time range or define a custom range.

The sections below describe each visualization included on the dashboard.

Incidents Created

This single value bar chart displays the total number of incidents created during the specified time range.

incidents-created.png

Closed Incidents

This single value bar chart displays the total number of incidents closed during the specified time range.

incidents-closed.png

Detected Anomalies

This single value bar chart displays the total number of anomalies detected during the specified time range.

detected-anomalies.png

SOC Incident Distribution

This heat map breaks down the count of new incidents per assignee. Darker shading on the map indicates a greater number of incidents. To display more information about a graph value, hover your pointer over a specific square, as shown in the image below.

soc-incident-distribution.png

Incident Summary by Incident Type

This coverage map shows the distribution of incidents by incident type. The number on each square indicates how many times that incident type has occurred, and the colors correspond to the number ranges given in the legend. Hover your pointer over a square to display the incident name.

incident-summary-by-incident-type.png

Correlation Rules by Severity

This pie chart shows the proportion of alerts triggered by correlation rules, grouped by severity. To view the values each slice represents, hover your pointer over the slice, as shown in the image below.

correlation-rules-by-severity.png

Anomaly Distribution by MITRE Tactic & Score

This bubble chart shows the distribution of anomalies by MITRE tactic and risk score. The MITRE tactics are listed on the left and the possible scores are listed along the bottom. The size of each bubble is proportional to the number of anomalies detected for that MITRE tactic. To view the values represented by a bubble, hover your pointer over it, as shown in the image below.

anomaly-distribution-by-mitre.png

Correlation Rule Triggered Over Time

This area chart shows how the count of each triggered correlation rule changes over the selected time range. Each correlation rule is represented by a color, as shown in the legend below the chart. Hover your pointer over a graph area to highlight it and display its data points. When you hover over a data point, you can see information about it, such as the approx log date and the number of times the rule was triggered.

correlation-rule-triggere-over-time.png

Anomalies – Use Case & MITRE Coverage

This coverage map shows the distribution of detected anomalies by use case and MITRE tactic. The number on each square indicates how many times that anomaly was detected, and the colors correspond to the number ranges given in the legend. Hover your pointer over a square to display its use case and MITRE tactic.

anomalies-use-case-mitre-coverage.png