Dashboards Catalog

Several Preconfigured dashboards are available upon installation. These dashboards provide a high-level overview of network traffic and logs. They give SOC Managers, Analysts, and System Admins immediate value by providing a quick overall status of the network.

The Overview dashboard provides a sampling of information that can be viewed in more detail in the dashlets of the other dashboards. It provides high-level trends and a state-of-the-business view of network traffic and log status. Its dashlets provide links to drill down and view more information in the individual dashboards. For example, when you drill down from the Top Services dashlet on the Overview dashboard, it leads to the Operations—Network dashboard, which shows further details on Operations—Network Top Source Countries and Destination Countries.

All these dashboards are available upon installation. However, they are disabled by default except the Default dashboard. Every dashboard consists of dashlets that are built based on a chart supported by a Report Rule. So, each dashlet is dependent on a Report Rule and a Report Chart. These Preconfigured dashboards are read-only dashboards with no option to edit them. If their Refresh Interval or Past Hours are edited for any reason, they may get overridden during upgrades. RSA recommends that you make a copy of the Preconfigured dashboards before you make any modifications.

For detailed information on Dashlets, see Dashlets.

Available Preconfigured Dashboards

The following table describes each Preconfigured dashboard.

  • Identity Dashboard: Shows users and services that may potentially have malicious activities. The trends help compare them against daily logs to find abnormal behavior.
  • Overview Dashboard: Provides a trending view of traffic flow within the customer's environment over a 24-hour period.
  • Operations—Logs Dashboard: Shows top trends and distribution of logs from different classes and categories, for a quick view of log categories and event classes. Use this view to adjust devices that are producing more logs than expected.
  • Operations—Network Dashboard: Shows top trends of source and destination traffic, including geographic locations, in order to easily monitor network traffic.
  • SecurID Dashboard: Allows analysts to monitor specific identities and their behaviors. It empowers organizations to monitor two-factor environments that utilize RSA's SecurID for authenticating to protected resources.
  • Threat—Hunting Dashboard: Displays a summary of the events that have been categorized according to the Hunting meta keys.
  • Threat—Indicators Dashboard: Shows top Threat and Risk trends that help monitor any changes to the normal categories or sources of risk. If there is an abnormal number of threats from an uncommon source, it needs further investigation.
  • Threat—Intrusion Dashboard: Provides a view into firewall events and actions as well as IDS signatures over the last 24 hours.

General Dependencies

Each Dashlet is dependent upon one report rule and one report chart. Also, dashlets may be dependent on other content. In that case, those dependencies are listed.

Dashboards support various mediums. Each individual dashlet supports one of the following mediums:

  • Log: content parsed from events generated from logged data.
  • Packet: content parsed from events generated from network packet data.
  • Log and packet: content that correlates across log and packet events.

Additionally, some dashlets contain content that is parsed from either log or packet data.

Dashboard-Related Procedures

Occasionally, you may want to perform the following tasks:

  • Add or Change a Reporting Engine data source
  • Enable some charts

Add a Data Source to a Reporting Engine

In most cases, for customers that have other reports running, the Data Source is already defined. If so, you can skip this section.

Perform the following steps to associate a data source with a Reporting Engine:

  1. Navigate to ADMIN > Services.
  2. In the Services Grid, select a Reporting Engine service.
  3. Click View > Config.

    The Services Config View of Reporting Engine is displayed.

  4. Click the Sources tab, and select the appropriate Concentrator service as the Data source.

Enable Charts

To enable the charts, do the following:

  1. Navigate to MONITOR > Reports.
  2. Click Charts.
  3. Click Identity Group.

    The RSA SecureID folder appears.

  4. Select the RSA SecureID folder.

    All charts related to RSA SecureID are listed under the Charts list panel.

  5. In the Charts list panel, select a chart or several charts that display the disabled icon in the Enabled column.

  6. Click the enable button.

A confirmation message indicates that the state of the selected charts is changed successfully.

Identity Dashboard

The Identity dashboard shows users and services that may potentially have malicious activities. The trends help compare them against daily logs to find abnormal behavior.

[Figure: sample Identity dashboard screen]

Dependencies

The following table describes the dependencies for each dashlet, as well as other details.

  • Dashlet: Top Log Event Users Trend. Medium: log. Dependencies: Log Event Users. Column 4: Log Event Users.
  • Dashlet: Top Logon Failures Summary. Medium: log. Dependencies: Logon Failures Summary. Column 4: Logon Failures Summary.
  • Dashlet: Top Logon Success Summary. Medium: log. Dependencies: Logon Success Summary. Column 4: Logon Success Summary.
  • Dashlet: Top Cleartext Authentications by Service Trend. Medium: packet. Dependencies: Cleartext Authentications by Service. Column 4: Cleartext Authentications by Service.
  • Dashlet: Top Cleartext Passwords by Service. Medium: packet. Dependencies: Cleartext Passwords by Service. Column 4: Cleartext Passwords by Service.
  • Dashlet: Top Email Sender Trends. Medium: packet. Dependencies: Email Senders. Column 4: Email Senders.


Note: All of the dashlets are also dependent upon the Hunting Pack and the Identity Feed.

Dashlets Contained in this Dashboard

The Identity dashboard contains the following dashlets:

  • Top Log Event Users Trend: Displays the top 10 users as populated by log event traffic.
  • Top Logon Failures Summary: Displays the top 10 logon failures as populated by log event traffic.
  • Top Logon Success Summary: Displays the top 10 logon successes as populated by log event traffic.
  • Top Cleartext Authentications by Service Trend: Displays the top authentications detected in clear text by service through packet traffic.
  • Top Cleartext Passwords by Service: Displays the top passwords detected in clear text by service through packet traffic.
  • Top Email Sender Trends: Displays the top email senders from packet traffic.

Operations—Logs Dashboard

The Operations—Logs dashboard shows top trends and distribution of logs from different classes and categories, for a quick view of log categories and event classes. Use this view to adjust devices that are producing more logs than expected.

[Figure: sample Operations—Logs dashboard screen]

Dependencies

The following table describes the dependencies for each dashlet, as well as other details.

  • Dashlet: Top Log Event Classes Trend. Medium: log. Dependencies: Log Event Classes. Column 4: Log Event Classes.
  • Dashlet: Top Log Event Types Trend. Medium: log. Dependencies: Log Event Types. Column 4: Log Event Types.
  • Dashlet: Top Log Event Categories. Medium: log. Dependencies: Log Event Categories. Column 4: Log Event Categories.
  • Dashlet: Top Log Destination Ports. Medium: log. Dependencies: Log Destination Ports. Column 4: Log Destination Ports.


Dashlets Contained in this Dashboard

The Operations—Logs dashboard contains the following dashlets:

  • Top Log Event Classes Trend: Displays the top 10 log event classes as populated by log event source traffic.
  • Top Log Event Types Trend: Displays the top 10 log event types as populated by the log event traffic.
  • Top Log Event Categories: Displays the top 10 log event categories as populated by log event traffic.
  • Top Log Destination Ports: Displays the top 10 log destination ports as populated by log event traffic.

Operations—Network Dashboard

The Operations—Network dashboard shows top trends of source and destination traffic, including geographic locations, in order to easily monitor network traffic.

[Figure: sample Operations—Network dashboard screen]

Dependencies

The following table describes the dependencies for each dashlet, as well as other details.

  • Dashlet: Top Services Trend. Medium: packet. Dependencies: Top 10 Services. Column 4: Top Services.
  • Dashlet: Top TCP Destination Ports. Medium: packet. Dependencies: Top TCP Destination Ports. Column 4: Top TCP Destination Ports.
  • Dashlet: Top Source IP Addresses. Medium: log, packet. Dependencies: Top Source IP Addresses. Column 4: Top Source IP Addresses.
  • Dashlet: Top Destination IP Addresses. Medium: log, packet. Dependencies: Top 10 Destination IP Addresses. Column 4: Top Destination IP Addresses.
  • Dashlet: Top Destination Countries. Medium: log, packet. Dependencies: Top 10 Destination Countries. Column 4: Top Destination Countries.