Dashboards on SIEM

What are The Types of Dashboards in a SIEM Solution?

Dashboards are an integral component of any effective SIEM solution. After log data is aggregated from different sources, a SIEM solution normalizes it so that events from every source share the same fields and can be analyzed together. The outcomes of this analysis are presented as actionable insights through dashboards. Many SIEM solutions come with pre-configured dashboards to simplify onboarding for your team. In addition, an ideal solution should allow an organization to customize dashboards to its own requirements. In this article, we discuss the various types of dashboards available on Logsign SIEM.

(See also our article on the step-by-step procedure to customize a dashboard on Logsign SIEM.)

Types of dashboards on Logsign SIEM

Logsign SIEM ships with more than 40 dashboards, grouped into the following 11 categories:

  1. Threat Intelligence
  2. Security Suite
  3. Network
  4. Alert
  5. Application Server
  6. System Events
  7. Event Taxonomy
  8. Guest Access
  9. Database Control
  10. Identity Management
  11. File Access Control

If you are using Logsign for the first time or have not changed the default dashboard, the Welcome dashboard is shown by default. It contains an all-events time histogram together with event context, event type, and event action widgets.

Figure 1: Welcome dashboard (default dashboard on Logsign SIEM)

Depending on your requirements and job profile, you can set any dashboard as the default so that it appears on the landing page after you log in. A user can also add, modify, or remove widgets on these dashboards through the “Add a widget” option. Every widget has a default time index, i.e. the time window over which its data is computed; a user can configure this window from as short as 1 hour to as long as 365 days.

Figure 2: Updating the time index for a widget
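To make concrete what a widget does with normalized events and a time index, here is an added example written for this article; it is not Logsign's own code, and the event field names (ts, context, type, action), the widget names and the sample events are assumptions chosen to mirror the Welcome dashboard. The same top-N aggregation is what the "top sources/destinations" and "top users for logon failures" widgets in the later categories compute over other fields.

```python
"""Added example (not Logsign's own code): how a SIEM derives the Welcome
dashboard's widgets (all-events time histogram, event context, event types,
event actions) and an EPS figure from normalized events bounded by a widget's
time index.

Assumptions: the normalized event field names (ts, context, type, action)
and the widget names are illustrative, and the sample events are constructed.
"""
from collections import Counter
from datetime import datetime, timedelta, timezone

# Fixed "now" so the example is reproducible; a real widget uses wall-clock time.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)

# Constructed normalized events, i.e. what the SIEM holds after aggregating
# raw logs from several sources and normalizing them to common fields.
EVENTS = [
    {"ts": NOW - timedelta(minutes=5),  "context": "network",  "type": "firewall", "action": "deny"},
    {"ts": NOW - timedelta(minutes=20), "context": "network",  "type": "firewall", "action": "allow"},
    {"ts": NOW - timedelta(minutes=90), "context": "identity", "type": "logon",    "action": "failure"},
    {"ts": NOW - timedelta(hours=3),    "context": "identity", "type": "logon",    "action": "success"},
    {"ts": NOW - timedelta(days=2),     "context": "system",   "type": "health",   "action": "info"},
    {"ts": NOW - timedelta(minutes=30), "context": "network",  "type": "firewall", "action": "deny"},
]

MIN_HOURS, MAX_HOURS = 1, 365 * 24  # the configurable time index: 1 hour to 365 days


def in_time_index(events, now, hours):
    """Keep only events inside the widget's time index, ending at `now`."""
    if not MIN_HOURS <= hours <= MAX_HOURS:
        raise ValueError("time index must be between 1 hour and 365 days")
    start = now - timedelta(hours=hours)
    return [e for e in events if start <= e["ts"] <= now]


def time_histogram(events, bucket_minutes):
    """Count events per fixed-width time bucket, oldest bucket first."""
    width = bucket_minutes * 60
    buckets = Counter()
    for e in events:
        epoch = int(e["ts"].timestamp())
        buckets[datetime.fromtimestamp(epoch - epoch % width, tz=timezone.utc)] += 1
    return dict(sorted(buckets.items()))


def top_n(events, field, n=5):
    """Top-N widget: the most frequent values of one normalized field."""
    return Counter(e[field] for e in events if field in e).most_common(n)


def events_per_second(events):
    """EPS over the span of the events in the window (0.0 for an empty window)."""
    if not events:
        return 0.0
    stamps = sorted(e["ts"] for e in events)
    span = (stamps[-1] - stamps[0]).total_seconds()
    return len(events) / span if span > 0 else float(len(events))


def welcome_dashboard(events, now=NOW, hours=24):
    """Assemble the widgets of the default dashboard for one time index."""
    window = in_time_index(events, now, hours)
    return {
        "all_events_histogram": time_histogram(window, bucket_minutes=60),
        "event_context": top_n(window, "context"),
        "event_types": top_n(window, "type"),
        "event_actions": top_n(window, "action"),
        "eps": events_per_second(window),
        "event_count": len(window),
    }


if __name__ == "__main__":
    for name, widget in welcome_dashboard(EVENTS).items():
        print(name, widget)
```

With the 24-hour default, the two-day-old health event drops out of every widget; shrinking the index to 1 hour leaves only the three firewall events, which is why the same dashboard can look very different to two users with different time indexes.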

1. Threat Intelligence

This category currently has two dashboards. They provide information about the classification of threat messages, external malicious source and destination IP addresses, threat intelligence severities, the most active threat sources/destinations, time analysis, and malicious activity counts.

Figure 3: Threat Intelligence Analysis dashboard on Logsign SIEM
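The widgets listed above all follow from one step: matching the external addresses in normalized events against an indicator feed. The following is an added example written for this article, not Logsign's implementation; the IOC feed, its classification and severity labels, the event field names (src_ip, dst_ip, msg) and the sample events are constructed, and the documentation address ranges stand in for public addresses.

```python
"""Added example (not Logsign's own code): the matching behind a Threat
Intelligence dashboard, i.e. tagging normalized events whose external source
or destination address appears in an indicator feed, then counting threat
classifications, malicious sources/destinations, severities and total hits.

Assumptions: the IOC feed, its classification and severity labels, the event
field names (src_ip, dst_ip, msg) and the sample events are all constructed.
The documentation ranges 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24
stand in for public addresses.
"""
import ipaddress
from collections import Counter

# Constructed indicator feed: address -> (classification, severity).
IOC_FEED = {
    "203.0.113.9":   ("c2", "high"),
    "198.51.100.23": ("scanner", "medium"),
    "192.0.2.77":    ("malware-host", "critical"),
    "10.0.0.9":      ("scanner", "low"),  # internal address: never counted as external malicious
}
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Address space treated as internal; only addresses outside it can be external IOCs.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed normalized events.
EVENTS = [
    {"src_ip": "10.0.0.5",      "dst_ip": "203.0.113.9", "msg": "outbound TLS session"},
    {"src_ip": "198.51.100.23", "dst_ip": "10.0.0.8",    "msg": "SYN to tcp/22"},
    {"src_ip": "10.0.0.9",      "dst_ip": "8.8.8.8",     "msg": "DNS query"},
    {"src_ip": "10.0.0.5",      "dst_ip": "192.0.2.77",  "msg": "HTTP GET /update.bin"},
    {"src_ip": "198.51.100.23", "dst_ip": "10.0.0.12",   "msg": "SYN to tcp/3389"},
    {"src_ip": "10.0.0.14",     "dst_ip": "10.0.0.9",    "msg": "SMB session"},
]


def is_internal(ip):
    """True for addresses inside the organization's (assumed) internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def match_events(events, feed):
    """Return one hit per (event, role) whose external address is in the feed."""
    hits = []
    for e in events:
        for role in ("src_ip", "dst_ip"):
            ip = e[role]
            if ip in feed and not is_internal(ip):
                classification, severity = feed[ip]
                hits.append({**e, "ioc": ip, "role": role,
                             "classification": classification, "severity": severity})
    return hits


def threat_dashboard(events, feed=IOC_FEED):
    """Widgets of a Threat Intelligence dashboard computed from the hits."""
    hits = match_events(events, feed)
    return {
        "threat_classification": Counter(h["classification"] for h in hits),
        "malicious_sources": Counter(h["ioc"] for h in hits if h["role"] == "src_ip"),
        "malicious_destinations": Counter(h["ioc"] for h in hits if h["role"] == "dst_ip"),
        "severities": Counter(h["severity"] for h in hits),
        "malicious_activity_count": len(hits),
        "highest_severity": max((h["severity"] for h in hits),
                                key=SEVERITY_RANK.get, default=None),
    }


if __name__ == "__main__":
    for name, widget in threat_dashboard(EVENTS).items():
        print(name, widget)
```

Two details matter in practice: the internal-range check keeps a stale or mis-scoped indicator for an internal host from inflating the "external malicious" widgets (the last event above is ignored for that reason), and an address is counted once per role, so a host that is both scanned from and beaconing to the same IOC shows up in both the sources and destinations widgets.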

2. Security Suite

This category has six dashboards: Attack Analysis, Endpoint Analysis, Security Overview, IDS, Content Filtering Analysis, and Trend Micro.

Dashboard | Information widgets
Attack Analysis | Attack activity by internal/external source IP addresses, destination ports, source interface, source countries, and timeline
Endpoint Analysis | Infected sources, threat details, detected viruses, and endpoint security events
Security Overview | Security activities, risk by event source, risk summary by severity, risk summary by source/destination country, along with detected attack, malware, virus, and spam activity
IDS | Attack histogram, attacks by source/destination IP address, destination/source attack map, and external/internal IP attack severity
Content Filtering Analysis | Allowed/blocked domain access, allowed/blocked categories, allowed/blocked URL sources, and URL categories
Trend Micro | Trend Micro products, event map info, event types, event activities, event subtypes, and other event-related information
Figure 4: TrendMicro dashboard on Logsign SIEM

3. Network

This category has a total of eight dashboards. These dashboards visualize information about various facets of your organization’s network.

Dashboard | Information widgets
FTP Analysis | FTP time analysis and top sources/destinations
UDP Analysis | UDP time analysis, top sources/destinations, top source/destination countries, and destination ports
Protocol Center | Usage by protocol timeline, top connection sources, port usage, and outbound/inbound connections by destination port
Traffic Awareness | Traffic anomaly time analysis, traffic anomaly sources, and critical source/destination countries
Traffic Overview | Traffic analysis, source/destination country, top source/destination countries, and traffic analysis from source IP to unique destination IPs
HTTP/S Analysis | Blocked/allowed HTTP/S requests, top sources/destinations, and time analysis
DNS Analysis | DNS time analysis and top sources/destinations
Bandwidth Analysis | Bandwidth (download/upload) usage, download/upload usage in MB, and download usage for TCP and UDP
Figure 5: Bandwidth Analysis dashboard on Logsign SIEM

4. Alert

This category has five pre-configured dashboards concerning alerts and action objects.

Dashboard | Information widgets
Warning Level Alerts | Alert details, unique counts by action object, total count, and information-level alerts
Critical/Emergency Level Alerts | Alert details, unique counts by action object, and total count
Compliance Alerts & Use Cases | Under development
Action Objects & Alert Overview | Information/warning/critical/emergency-level alert counts, suspicious users, suspicious internal/external hosts, suspicious objects, and alerts
Alert Rules Overview | Suspicious objects time analysis with unique alert counts, alerts time analysis with unique object counts, and alert & action object analysis
Figure 6: Alert Rules dashboard on Logsign SIEM

5. Application Server

This category consists of pre-configured dashboards focusing on various servers inside an organization such as web, FTP, mail, DHCP, and DNS.

Dashboard | Information widgets
Web Server | Event timeline, external IP addresses, result codes, source countries, URL paths, data sources, and messages
FTP Server | Usage timeline, top source IP addresses, server messages, source users, and event actions
Mail Server | Event timeline, top mail receivers/senders, mail events, server messages, and mail subjects
DHCP Server | Timeline, server messages, top source IP addresses, top MAC addresses, and data sources
DNS Server | Time analysis, server messages, top source IP addresses, server actions, and DNS request sources
Figure 7: DHCP Server Analysis dashboard on Logsign SIEM

6. System Events

This category focuses on system events inside your organization’s technical infrastructure. It provides six pre-configured dashboards for your security team.

Dashboard | Information widgets
Network Layer System Events | Activities and their details, event messages, and events by severity
System Overview | System categories, information messages, system activity by event source, and system error messages
Application Layer System Events | Activities, messages, system errors, and message details
Critical System Events | Time analysis, critical events, critical event count, and critical devices
SIEM System Events | CPU utilization, disk utilization, EPS (events per second) stats, and health check critical/last states
Security Layer System Events | Activities, messages, system errors, and message details
Figure 8: Critical System Events dashboard on Logsign SIEM

7. Event Taxonomy

Dashboards in this category provide detailed information about security events in your technical infrastructure based on their severity and mapping inside Logsign SIEM.

Dashboard | Information widgets
Severity | Event timeline, context, type, subtype, data sources, and details
Mapping | Classification (identity/security/object/network/system/application), context, type, and subtype
Figure 9: Event Severity dashboard on Logsign SIEM

8. Guest Access

This category of dashboards provides information about guest users who connected to your organization’s wireless network.

Dashboard | Information widgets
Hotspot User Count Analysis | Logon/logout user count, online/registered user count, failed-login user count, and location-based analysis for logons, failed logins, registered users, and logouts
Hotspot User Data Usage Analysis | User upload/download usage in MB and location-based data usage
Hotspot User Activity Analysis | Logon/logout user activity, failed-login users, failed-login activity and reasons, account terminations, and all user messages
Figure 10: Hotspot User Activity Analysis dashboard on Logsign SIEM

Figure 10 shows no data because wireless network connections are disabled in our demo environment.

9. Database Control

This category gives insights into your organization’s databases. It has three dashboards: one gives a general overview, and one each is dedicated to MSSQL and Oracle.

Dashboard | Information widgets
Database Overview | Usage timeline, data sources, and actions
MSSQL | Usage timeline, object name and database name, general events, types and actions, and activity details
Oracle | Usage timeline, object names, messages, and SQL commands
Figure 11: MSSQL dashboard on Logsign SIEM

10. Identity Management

This category of dashboards illustrates information about user account management, user identity management, and VPN-based user activities.

Dashboard | Information widgets
VPN User Overview | Logon activity counts, logon failure counts, top users for logon attempts/failures, activity details, time analysis, and logins/failures by country
Account Management | Activity counts, top 10 activities, created/deleted users, enabled/disabled users, locked/unlocked users, messages, password change activities, and expired passwords by account
Identity Overview | Logon activity counts, logon failure counts, top users for logon attempts/failures, logons and logon failures by source IP address, and logout activity by user
Figure 12: Account Management dashboard on Logsign SIEM

11. File Access Control

This category of dashboards presents visualized information about the file system of your organization. It covers user activities, file share events, and detailed insights on change events.

Dashboard | Information widgets
File Shared | Time analysis, shared folders, shared file events, and event details
File System | Time analysis, actions, user file activity, and object names
File Overview | File server timeline, shared folders, file modified event count, modified events by user, and shared file change event details
Figure 13: File Overview dashboard on Logsign SIEM

Have you been able to utilize these dashboards for your organization? Feel free to get in touch with our Support team if you have any questions or queries.
