Dashboards are an integral part of a SIEM solution as they help you in visualizing the security of your organization’s technical infrastructure in real-time. In our last article, we discussed in detail about the pre-configured dashboards on Logsign SIEM and the information they present for your security team. In this article, we explore how you can customize a dashboard, add widgets, manage dashboard categories, arrange dashboards and categories, and much more.
On the Dashboards menu, you will see a total of 11 categories, apart from Welcome Dashboard and Custom Dashboards. These categories have more than 40 pre-configured dashboards. Read more about these categories and the types of dashboards on Logsign SIEM.
Figure 1: Dashboards and Categories
Click on the Edit Menu button to arrange the dashboard menu. You can change the order of categories by clicking the category name, drag, and then drop it at your preferred location. Similarly, you can re-arrange the dashboards within a category by drag and drop.
Figure 2: Editing the dashboard menu
To edit or delete a category and its constituent dashboards, click on the corresponding Edit and Delete icons.
Figure 3: Edit and delete icons for a category of dashboards
You can add a new dashboard to the existing categories or create a separate category for your customized dashboards.
For creating a new category, click on the Add Category button in the Dashboard menu. Enter the name for your category and click on the Save button.
Figure 4: Creating a new Dashboard category
Now, click on the New Dashboard button. Enter the name for your dashboard, select the desired category, add tags if needed, and click on the Save button.
Figure 5: Creating a new dashboard
Your dashboard will now load on your screen. Right now, this will be blank – you need to populate it with various widgets.
Figure 6: New dashboard
Click on the Add Widget to create your first widget for your dashboard. The Widget Wizard will open up, and it shows the following options:
Figure 7: Selecting a widget
For this demo, we have selected a Stacked Histogram Chart. Click on the Next button to continue.
Now, you need to define the data source for your widget. Let’s say that we need to see events from a particular vendor such as Trend Micro. We name the widget as Trend Micro Demo and select Reports from the information source dropdown. We select Time.Generated from the Time Column and EventSource.Product from the Grouped Column. The query entered is EventSource.Vendor:”TrendMicro” and index time selected is 24 hours.
Figure 8: Content Settings on Widget Wizard
The next section on Widget Wizard asks you to select the Widget type. Select an option from the dropdown and click on the Save button.
Figure 9: View Settings on Widget Wizard
Your widget should now appear on your dashboard. You can drag and drop to change its location and resize it as per your arrangement of widgets on the dashboard. Accordingly, you can add more widgets on your dashboard to populate it with visualizations.
Figure 10: Widget added successfully on the dashboard
At times, you may need to modify the settings of an existing widget for reasons such as changing the duration of data, selecting a different type of chart to visualize data, etc. First, go to the widget that you wish to modify. In its top-right corner, it displays index time, i.e., total duration for which it is visualizing the data, along with Settings and Delete icon. The Widget Wizard opens when you click on the Settings icon. To remove a widget, click on the Delete icon and confirm your choice.
Figure 11: Modifying an existing widget
Have you been able to set up customized dashboard and widgets for your organization? Feel free to get in touch with our Support team if you have any questions or queries.
OT security is the practice of using hardware and software technologies to monitor, detect, and control changes to processes, events, and...Learn more
This article explains the last four stages of Cyber Kill Chain that includes Installation, Command and Control (C2), Actions on Objectives,...Learn more