Dashboarding is an important part of RSA NetWitness Orchestrator (NWO). A dashboard lets an analyst view data in one centralized location and, when customized effectively, displays the relevant data that analysts need to make quick decisions.
This guide shows how to create a dashboard card and recommends some potentially useful case management cards that analysts should have on their dashboard.
In NWO, create a new dashboard from the top tab: under the Dashboards drop-down, select New Dashboard.
Enter a name for the dashboard, like Case Management.
You will be greeted with a blank dashboard. To add a new card, navigate to the top right and press the plus button (next to the padlock icon).
Dashboard cards are used to populate the dashboard. The following sections explain each recommended card.
Explanation of Dashboard Card
This dashboard card displays statistics on the resolution of cases. Examples of resolutions are "In progress/Investigating" and "Containment achieved".
Sample Dashboard output:
To achieve the dashboard card shown above, refer to the following:
| Configuration Option | Value |
| --- | --- |
| Card type | New Query |
| Card Name | Incident Count by Resolution |
| Display type | Chart |
| Query by | Cases |
| Grouping | Resolution |
Table of selectable resolutions in cases:
Explanation of Dashboard Card
This dashboard card displays the statistics of the current status of NWO cases.
Sample Dashboard Output:
To achieve the dashboard card shown above, refer to the following:
| Configuration Option | Value |
| --- | --- |
| Card type | New Query |
| Card Name | Open Cases by Status |
| Display type | Chart |
| Query by | Cases |
| Grouping | Status |
| Chart type | Advanced Pie Chart |
Note: Only available on NWO v6.3.1
Explanation of Dashboard Card
This dashboard card displays the usernames of the analysts who have closed cases within the last 24 hours.
Sample Dashboard Output:
To achieve the dashboard card shown above, refer to the following:
| Configuration Option | Value |
| --- | --- |
| Card type | New Query |
| Card Name | Closed Case within last 24 hours |
| Display Type | Chart |
| Query by | Cases |
| Advanced query | caseCloseTime>="TODAY()" && caseCloseTime<"TODAY()+24 HOURS" |
| Grouping | Case close user |
| Other Charts | Number Cards |
Explanation of Dashboard Card
The purpose of this dashboard card is to display statistics of the number of open cases in NWO based on their severity.
Sample Dashboard Output:
To achieve the dashboard card shown above, refer to the following:
| Configuration Option | Value |
| --- | --- |
| Card type | New Query |
| Card Name | Open Cases by Severity |
| Display type | Chart |
| Query by | Cases |
| Advanced query | status="Open" |
| Grouping | severity |
Note: Only available in NWO v6.3.1
Explanation of Dashboard Card
The purpose of this dashboard card is to provide a mean calculation of how long analysts took to close cases.
Sample Dashboard Result:
To achieve the dashboard card shown above, refer to the following:
When creating a new dashboard card, there is a metric section. Select the MTTR option.

| Configuration Option | Value |
| --- | --- |
| Card type | Metric, MTTR |
| Card Name | Mean time to Resolution |

Important note: A case must first be closed for this option to appear.
Explanation of Dashboard Card
All Open Cases: All open cases in NWO are displayed. The data shown are the name, assignee, severity and created date of each case.
My Open Cases: Only cases assigned to you (the currently logged-in user) are displayed. The data shown are the name, severity and created date of each case.
Sample Dashboard Result:
All open cases:
My Open cases:
To achieve the dashboard card shown above, refer to the following:
| Configuration Option | Value |
| --- | --- |
| Card type | Widget, All Open Cases |
| Card type | Widget, All Open Cases |
Explanation of Dashboard Card
This dashboard card provides an overview of the case count against the categories that they were assigned.
Sample Dashboard Result:
To achieve the dashboard card shown above, refer to the following:
| Configuration Option | Value |
| --- | --- |
| Card type | New Query |
| Card Name | Incidents by Category |
| Display Type | Chart |
| Query by | Cases |
| Grouping | Tag |
| Optional Advanced query | tag!="Netwitness" (If you are using the playbooks included in the starter pack, it will automatically assign the tag Netwitness, so it is best to omit it.) |
NWO features easily customizable dashboards to fit an individual analyst's needs. NetWitness Orchestrator offers many configuration options for dashboarding; this post only shows some examples to help you get started. I hope this blog post was informative and gives you some insight and inspiration on how to populate your own dashboards with data that interests you.