Dashboards
Dashboards show streamlined, actionable data and display data at a glance by collecting data from the Incidents, thereby reducing the time needed for analyzing and responding to high-risk threats and stopping them early in the attack kill chain. Following are some of the capabilities of the dashboards that enable security analysts to monitor incidents:
Real-time visibility and index searches with custom widgets, export charts, categorized layouts, and color sets.
Data drill-down with a clear representation using charts.
Monitoring of large amounts of data with a rotational dashboard with improved visibility for real-time updates.
Accelerated incident triage with date range filters and custom sharing based on contextual insights.
Obtaining detailed analysis of KPIs with Scheduled dashboard reports.
Following are the 2 types of widget sections in the dashboard:
Overview Widget Section: This widget section displays summarized widget data and no other details. For example, in the Open Incident Assigned To Me widget, only the number is shown.
Information Widget Section: This widget section displays widget data with a visual representation and provides you with the option to change the chart type and export it as a PDF or PNG file.
CFTR provides the following pre-configured dashboards:
My Dashboard: Provides important metrics and visualizations related to the incidents that are assigned to you or your user group.
Incident Dashboard: Provides important metrics and visualizations related to all the incidents and actions that are available on your CFTR platform. You can navigate and view the incident or action details by clicking the incidents or actions.
Key Metrics: Provides important metrics and visualizations related to measurable metrics to identify the trend of cyber threats reported over a time frame.
Asset Risk Metrics: Provides important metrics and visualizations related to the risks of the users and devices.
CISO Dashboard: Provides important metrics and visualizations related to average cost and KRIs. It also includes details about the cost metrics, asset risks, root causes, and security threat details impacting an organization.
MSSP Dashboard: Provides important metrics and visualizations related to the incidents of the tenants who have enabled data flow. It is a dedicated dashboard for the security service providers to monitor the incidents of the tenants. To view the dashboard for specific tenants, select the tenants from Tenants on the top-right of the dashboard. To enable security service providers to monitor the tenants' data, the tenants must enable the data flow to the parent instance under Admin Panel > Configurations > Basic Configuration > Tenant Settings.
Note
You can view the data in the dashboards based on your Role-Based Access Control (RBAC) configuration. For more information, see Configure Role-Based Access Control (RBAC) in CFTR.
View Modes
You can switch between the dark and light modes by clicking the sun/moon icon on the top-right corner for a comfortable viewing experience.
Speedometer
Speedometer charts intuitively provide a real-time count of indicators observed during incident management. For example, Personally Identifiable Information (PII) or admin exceptions indicate their maximum value range in the form of a round meter, whereas the dial shows where the score that falls across the range on a full circle.
You can now use speedometers or percentage pie to display incident indicators split by incident type.