My First Dashboard: A Step-by-Step Tutorial
Intel Exchange (CTIX) enables you to create custom dashboards tailored to your preferences by utilizing widgets. You can either use system-defined widgets or create custom widgets that meet your requirements.
The goal of this tutorial is to guide beginners to create a custom dashboard using custom and system widgets. The step-by-step instructions and examples provided in this tutorial will help you create a basic custom dashboard from scratch. This tutorial will also help you develop an understanding of the relationship between saved searches, widgets, and dashboards.
For more information about dashboards, see Dashboards.
Use Case
In this tutorial, we will create a basic dashboard called the IOC Summary, that will help you monitor incoming IOCs on the platform. The IOC Summary dashboard will include six summary widgets and four information widgets.
Let's create a dashboard that will include the following summary widgets:
Not reviewed Indicators (Custom)
High Confidence Indicators (System)
Deprecated Indicators (System)
Medium Confidence Indicators (System)
False Positive Indicators (System)
Allowed Indicators (System)
We will also include the following information widgets:
Indicators by Countries (Custom)
IOC Timeline by TLD Distribution (System)
IOC Analysis Status (System)
This tutorial aims to help you create the dashboard illustrated in the following graphic:
Before you Start
You must have the following permissions in Intel Exchange to create a dashboard:
View Dashboards
Create Dashboards
Update Dashboards
View Threat Data
Steps
Perform the following steps to create your first dashboard:
Create Saved Search Queries
Saved search queries are frequently accessed queries that enable easy access to the target results and save time. Widgets use saved search queries to retrieve relevant threat data and display the consolidated information. Intel Exchange enables you to create saved search queries and use them to create custom widgets.
Following are some examples of saved search queries you can use to create custom widgets:
Saved Search Query for a Summary Widget: To create a saved search query to monitor the Not Reviewed Indicators scenario, you can use the following query:
'Object Type' = "Indicator" AND 'Reviewed Status' = "Not Reviewed"
After obtaining results from the above query, save the search using the steps mentioned in Save CQL Queries. Similarly, you can create saved search queries for other summary widgets.
Saved Search Query for an Information Widget: To create a saved search query to monitor the Indicator by Country scenario, you can use the following query:
'Object Type' = "Indicator"
After obtaining results from the above queries, save these searches using the steps mentioned in Save CQL Queries. Similarly, you can create saved search queries for more information widgets.
Create Custom Dashboard
Create a dashboard with your choice of widgets to monitor specific information in a single dashboard. In this section, we will create the IOC Summary dashboard using the custom and system widgets. We will use the saved search queries that we defined earlier to create custom widgets.
Create a dashboard, by clicking Add Dashboard to define the basic structure of your dashboard. The basic structure of the dashboard includes details such as the title, description, dashboard layout (basic or custom), and dashboard type (stationary or rotating). After you define the structure of the dashboard, add widgets of your choice to the dashboard. For more information about creating widgets, see Create Summary Widgets and Create Information Widgets.
For detailed steps to create a dashboard, see Custom Dashboards.
Create Summary Widgets
Summary widgets display information about threat data objects based on the time frame selected on the dashboard. These widgets use saved search queries to retrieve real-time threat data and display specific information.
Use Case
As an analyst, to monitor the Not Reviewed Indicators you can use the saved search query defined earlier and create a custom summary widget for your dashboard.
The following graphic illustrates how to create a custom summary widget:
The following graphic illustrates how to add a system summary widget:
Similarly, you can add more system summary widgets or create custom summary widgets to add to the dashboard. To create custom summary widgets, see Summary Widgets.
Create Information Widgets
Information widgets compare threat data details and display the information graphically. These widgets have various chart types that help visualize the comparison between different objects. These widgets use saved search queries to retrieve real-time threat data and display specific information.
Use Case
As an analyst, to monitor the Indicators by Countries you can use the save search query defined earlier and create a custom information widget for your dashboard.
The following graphic illustrates how to create a custom information widget:
The following graphic illustrates how to add a system information widget:
Similarly, you can add more system information widgets or create custom information widgets to add to the dashboard. To create custom information widgets Information Widgets.
What Next?
After you add all widgets to the dashboard, save the dashboard and it is ready for you to monitor the threat data objects. You can manage your dashboard by exporting data of a widget, sharing the dashboard with other analysts, cloning the dashboard to reuse the structure and widgets to create more dashboards, and more. For more information, see Manage Dashboards and Manage Widgets.