Skip to content
  • There are no suggestions because the search field is empty.

Dashlets

DashletsDashlets

Dashlets for all RSA NetWitness Platform modules are available to add in the default RSA NetWitness Platform dashboard or a custom RSA NetWitness Platform dashboard. All dashlets have a common set of controls described in the RSA NetWitness Platform Getting Started Guide. This is an example of some currently available dashlets.

dashlet_choices.png

Some dashlets have additional configuration parameters and controls, for example the Reports Realtime Chart dashlet, Malware Top Listing of Highly Suspicious Malware dashlet, and the Admin Service Monitor dashlet. For more information on these additional controls, read the section that pertains specifically to that dashlet.

  • Column 1:

    Note:

  • Column 2:

    For documentation sets prior to RSA NetWitness Platform 11.0, the detailed dashlet documentation is included in the Getting Started with Security Analytics Guide.










Admin News DashletAdmin News Dashlet

This dashlet presents product information and updates for the Administration module.

To display this dashlet in the RSA NetWitness Platform dashboard or as part of a custom dashboard, in the dashboard toolbar, select netwitness_ic-adddrop.png > Add a Dashlet in the dashboard and select Admin News.

netwitness_admnewsdashlet.png

Admin Service List DashletAdmin Service List Dashlet

The Administration Service List dashlet is a list of available services in RSA NetWitness Platform with links to administrative tasks that can be taken on those services. In effect, this dashlet is a focused subset of the Administration Hosts View (see the topic in the Hosts and Services Getting Started Guide.

To display this dashlet in the RSA NetWitness Platform dashboard or as part of a custom dashboard, select ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Admin Services List.

netwitness_adminservdashlet.png

Note the following:

  • The View menu (src=https://community.rsa.com/t5/image/serverpage/image-id/404048iADA9F2E1098AC6DF) option is a quick link to the View menu in the Administration Services view. Select a service and click here to select a view.
  • The Navigate option is a quick link to the Navigate view in the Investigation module.
  • The Services grid has a subset of the grid columns in the Administration Hosts view. The following table provides descriptions of the columns presented in the dashlet
  • Column:

    netwitness_checkbox.png

  • Description: Selection checkbox. Click in the heading to select or deselect all services in the list.

  • Column:

    Connection Status

    src=https://community.rsa.com/t5/image/serverpage/image-id/404017i2DC41E45B460AC8E
    src=https://community.rsa.com/t5/image/serverpage/image-id/403967i25360BB5198CE11D

  • Description:

    The connection icons indicate whether the connection to the service is good (green) or bad (red and gray). Rendering of the entire row in red text also reflects a bad connection status.


  • Column: Name
  • Description: The name of the service; for example HQ-Decoder or 10.26.22.44-Decoder.

  • Column: Address
  • Description: The IP address of the NextGen service; for example, 10.26.22.44.

  • Column: Type
  • Description: The type of service. Possible values are Broker, Concentrator, Decoder, Log Decoder, Log Collector, Archiver, Workbench, Warehouse Collector, Event Stream Analysis, IPDB Extractor, Reporting Engine, Malware Analysis, and Incident Management.

Admin Service Monitor DashletAdmin Service Monitor Dashlet

The Admin Service Monitor dashlet summarizes service version and status information that appears in the Administration Services view. This is a subset of the columns in the Hosts view.

To display this dashlet in the RSA NetWitness Platform dashboard or as part of a custom dashboard, click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Admin Service Monitor. The Add a Dashlet dialog has an option to select the service type for the new dashlet.

netwitness_admservmondashlet.png

The dashlet includes this subset of the columns in the Hosts view:

  • Name
  • Type
  • Version
  • Status
  • Memory usage
  • CPU

For more details about the Hosts view, see the Hosts and Services Getting Started Guide.

Dashboard RSA First Watch DashletDashboard RSA First Watch Dashlet

Note: This dashlet is discontinued as of NetWitness version 11.4.1. It is only visible if you are using a version prior to 11.4.1.

The Dashboard RSA First Watch dashlet delivers situational awareness and threat intelligence from across the RSA research and incident-response community, providing customers the intelligence to prepare for, respond to, and mitigate advanced cyber threats. The RSA First Watch, Incident Response, and Computer Incident Response Center (CIRC) teams track millions of IP addresses and domains, as well as dozens of unique threat sources and threat actors.

To display this dashlet in the Unified dashboard or as part of a custom dashboard, click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Dashboard RSA First Watch.

104FirstWatchDashlet.png

  • Column: Date
  • Description: The date the article was posted.

  • Column: Article
  • Description: The article title, a sample of the article, and a "Read More" link to the full article.

Dashboard Shortcuts DashletDashboard Shortcuts Dashlet

The Dashboard Shortcuts dashlet offers quick links to common tasks in other areas of RSA NetWitness Platform. It is a good tool for first-time users who are trying to get a feel for the system.

To display this dashlet in the RSA NetWitness Platform dashboard or as part of a custom dashboard, click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select the Dashboard Shortcuts dashlet.

DbdSCutsDlt.png

In addition to the standard dashlet controls, this dashlet has options that link to common RSA NetWitness Platform tasks.

  • Option: Configure Live Connection
  • Description: Links to the Administration System View > Live Configuration Panel, where you configure the connection to the Live content management system.

  • Option: Add a Service
  • Description: Links to the Services View.

  • Option: Investigate a Service
  • Description: Links to the Navigate View Navigate Tab, in which you can select a service to navigate from a list of available services.

  • Option: Browse Live Resources
  • Description: Links to the Live Search View, in which you search the Live resource library for resources.

  • Option: Setup Live Intel Sharing
  • Description: Links to the Administration System View, in which you can choose to participate in live intelligence sharing.

  • Option: Manage Live Subscriptions
  • Description: Links to the Live Configure View, in which you view and edit subscriptions and deployments.

  • Option: View My Jobs
  • Description: Links to the Jobs Panel (Profile View), in which you view RSA NetWitness Platform jobs.

  • Option: View My Notifications
  • Description: Links to the Notifications Panel (Profile View), in which you view system notifications.

Dashboard What's New DashletDashboard What's New Dashlet

The Dashboard What's New dashlet displays the latest product information and announcements for all RSA NetWitness Platform products.

To display this dashlet in the dashboard or as part of a custom dashboard, click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Dashboard What's New dashlet.

WhatsNewDlt.png

Incidents Analysts Activity DashletIncidents Analysts Activity Dashlet

The Incidents Analysts Activity dashlet shows the number and status of incidents per analyst, over a range of time. It displays three categories:

  • Closed incidents
  • Open incidents
  • Remediation in progress

To display this dashlet in the RSA NetWitness Platform dashboard or as part of a custom dashboard, click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar. Select Incidents Analysts Activity from the drop-down menu and set a time range for the activity.

dashlet_IncidentAnalystsActivity.png

Note: When you collapse the dashlet using the dshlet_toggle.png option, the bars take some time to redisplay. You can refresh the browser to see the graph quickly.

  • Feature: Bar graph
  • Description: When you hover the mouse over a portion of the bar graph, the number and status of incidents is displayed in text.

  • Feature: Incident categories
  • Description: In the legend at the bottom, incident categories are displayed. Clicking a category removes it from the graph. Clicking the category again re-displays it in the graph.

Incidents Queue Activity DashletIncidents Queue Activity Dashlet

The Incidents Queue Activity dashlet displays the total number of alerts, incidents, and remediation tasks for a selected time range.

To display this dashlet on the RSA NetWitness Platform dashboard or as part of a custom dashboard, click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Incidents Queue Activity. In the Add a Dashlet dialog, enter a title for the dashlet and select a time range for results.

The figure below is an example of the dashlet with information from the last 7 days.

dashlet_IncidentQueueActivity.PNG

  • Feature: Totals
  • Description: Separate rows display the totals of alerts, incidents, and remediation.
    Clicking a total opens the respective tab for alerts, incidents, or remediation.

  • Feature: Increase and Decrease
  • Description: The number below the total is the amount of increase or decrease. A total that has changed more than 33% is in red. A total that has changed less than 33% is in gray.

Investigation Jobs DashletInvestigation Jobs Dashlet

The Investigation Jobs dashlet displays the status of all jobs in the Investigation module. The toolbar, grid, and job management procedures are described under Jobs Tray.

To display this dashlet in the default dashboard or as part of a custom dashboard, click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Investigation Jobs.

104InvJobsDashlet.png

The Investigation Jobs dashlet lists all jobs that you own, recurring and non-recurring, and lets you monitor their progress.

  • Feature: src=https://community.rsa.com/t5/image/serverpage/image-id/403986iBD0EE84FD3F57EA2
  • Description: The Resume option applies only to recurring jobs that have been paused. When you resume a paused job, the next execution of the job executes as scheduled.

  • Feature: src=https://community.rsa.com/t5/image/serverpage/image-id/404057i291AA6C9CDD47E83
  • Description: The Pause option applies only to recurring jobs. When you pause a recurring job that is running, it has no effect on that execution. The next execution (assuming the job is still paused) is skipped.

  • Feature: src=https://community.rsa.com/t5/image/serverpage/image-id/401975i7F06BA021402E53F
  • Description:

  • Feature: , , the job is instantly deleted from the Jobs panel. No confirmation dialog is offered. If you delete a recurring job, all future executions are removed as well.

, , , click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Investigation Top Values., , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Live Featured Resources., , , , , , , , , , , the icon in the screen capture represents a Parser feed. Clicking the Resource Type icon opens a new browser tab with the detailed view of the resource in the Live Resource view., , , , for example, NetWitness APT Threat IPs. Clicking the Resource Name displays the detailed view of the resource in the Live Resource view. The view opens in the current browser tab., , , , , , , , , , , , click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Live New Resources., , , , , , the icon to the left represents an ESA Rule. Clicking the Resource Type icon opens a new browser tab with the detailed view of the resource in the Live Resource view.Resource NameThe name of the resource, for example, Ghost Protocol Parser. Clicking the Resource Name displays the detailed view of the resource in the Live Resource view. The view opens in the current browser tab.Date CreatedThe date the resource was created.Last Updated DateThe date the resource was last updated., , use the Subscriptions Tab in the Live Manage view., click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Live Subscriptions., , , , , , , , click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Live Updated Resources., , , , , 204,255);>ValueDescription, the icon in the screen capture represents a Decoder feed. Clicking the Resource Type icon opens a new browser tab with the detailed view of the resource in the Live Resource view.Resource NameThe name of the resource, for example, Spamhaus EDROP List IP Ranges. Clicking the Resource Name displays the detailed view of the resource in the Live Resource view. The view opens in the current browser tab.Date CreatedThe date the resource was created.Last Updated DateThe date the resource was last updated., , high likelihood of harboring malware, and high scores in the scoring modules. This dashlet is available in the Unified dashboard and in the Malware view. When a Malware Analyst first logs on to RSA NetWitness Platform, by default the only visible dashlet in the Unified view is the What's New dashlet. The analyst must create any additional Malware dashlets., filter results, and configure the display of results as an Events List or a Files List., click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Malware Malware with High Confidence IOCs and High Scores from the Type drop-down menu., , , , , , , , , , especially if you have more than one instance of the same dashlet. The name appears in the title bar of the dashlet., only events and files that were flagged as High Confidence (or likelihood) for containing Indicators of Compromise are displayed in the dashlet.Static, Network, Community, SandboxFilters the results based on the scores for each scoring module. You can set the value as =, <=, or >=.Result LimitSets the number of results to be displayed. Possible values in the drop-down list are 5,10,20 , , click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Malware Scan Jobs List., , , , , , , by default the only visible dashlet in the view is the What's New dashlet. The analyst must create any additional Malware dashlets., filter results, and configure the display of results as an Events List or a Files List. From this dashlet, you can launch an Malware Analysis investigation of an event directly by double-clicking the event; you do not have to go to the Investigation > Malware view to begin., click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Malware Top Listing of Possible Zero Day Malware from the Type drop-down menu., , , , , , , , , , especially if you have more than one instance of the same dashlet. The name appears in the title bar of the dashlet.Influenced by High Confidence OnlyWhen checked, only events and files that were flagged as High Confidence (or likelihood) for containing Indicators of Compromise are displayed in the dashlet.Static, Network, Community, SandboxFilters the results based on the scores for each scoring module. You can set the value as =, <=, or >=. The operator for the community filter is less than or equal to the applied slider value by default. The operator for the other filters is greater than or equal to by default.ServiceSelects the service to be monitored.Time (Relative)Limits the time range of displayed results.Result LimitSets the number of results to be displayed. Possible values in the drop-down list are 5,10 , by default the only visible dashlet dashboard is the What's New dashlet. The analyst must create any additional Malware Analysis dashlets., filter results, and configure the display of results as an Events List or a Files List., click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Malware Top Listing of Highly Suspicious Malware from the Type drop-down menu., , , , , , , , double-click an event or file name in the grid., , especially if you have more than one instance of the same dashlet. The name appears in the title bar of the dashlet.Influenced by High Confidence OnlyWhen checked, only events and files that were flagged as High Confidence (or likelihood) for containing Indicators of Compromise are displayed in the dashlet.Static, Network, Community, SandboxFilters the results based on the scores for each scoring module. You can set the value as =, <=, or >=.ServiceSelects the service to be monitored.Time (Relative)Limits the time range of displayed results.Result LimitSets the number of results to be displayed. Possible values in the drop-down list are 5,10 , , , if in the chart definition you selected a refresh interval as five minutes and past hour as one hour, the chart displays data from the past 60 minutes. The chart in the dashlet refreshes itself based on the dashlet refresh interval that you have defined., , click >netwitness_ic-actionbttn.pngand then netwitness_icon-add.png. From the Add a Dashlet dialog, select the Reports Realtime Chart from the Type drop-down menu. In the Chart Type drop-down, select the Column option., , , , , , , , , , , , , , , , , , , , , , , , , pie, and geomap., , , , , , , , , , , click >netwitness_ic-actionbttn.pngand then netwitness_icon-add.png. From the Add a Dashlet dialog, select the Reports Realtime Chart from the Type drop-down menu. In the Chart Type drop-down, select the GeoMap option. , , , , , , , zoom out and export a GeoMap chart., , , , , , , , , , , , , , , , select ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Reports RE Alert Variance from the Type drop-down menu., , , , , , , , and the dashlet refresh interval for the chart to be refreshed., , , , click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Reports Recent Run Report from the Type drop-down., , , , , , , , click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Reports RE Recent Alerts from the Type drop-down menu., , , , , , , , , , , , , if for the defined time range, the number of events (alert count) triggered by the alert is 10, then the first data point in the chart is shown as 10. The subsequent data point = 10 + number of events (alert count) triggered by the alert in the defined dashlet refresh interval., click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Reports RE Top Alerts from the Type drop-down menu., , , , , , , , the time from when the alerts needs to be fetched, and the dashlet refresh interval for the chart to be refreshed., , , , , , , , , , , , , , ,