Data Insights and Visualizations with High Possibility Incident Logs

Introduction

This document describes the Logsign Unified SecOps Platform, which provides a library of predefined dashboard panels with 24 different types of widgets in 12 different categories. Custom dashboard panels can also be defined for monitoring any number of systems.

This document covers "Predefined Alarm Dashboard Panels" and "Data Insights and Visualizations with High Probability Events (Incidents)."

Predefined Alarm Dashboard Panels

Click the button located in the upper left corner of the Logsign Unified SecOps Platform to list all predefined dashboard panels.

Under the Alert category, four different predefined dashboard panels are listed:

  • Alert Rules Overview
  • Warning/Information Level Alert Analysis
  • Action Object & Alert Overview
  • Critical/Emergency Level Alert Analysis

Alarm detail analyses can be examined in the four predefined dashboard panels mentioned above.

Creating a Dashboard Panel for High Probability Events (Incidents)

Logsign continuously monitors the system with predefined Entity and Behavior Lists, so the analysis of an abnormal event can draw on enriched data. When an IP, User, or Entity has previously entered a Behavior List, the resulting label (Suspect, Attacker, or Victim) can be recorded on the event.

With the widgets and dashboard panels provided by the Logsign Unified SecOps Platform, this information can be visualized and analyzed quickly.

In the example below, an IP labeled as "Suspect" is analyzed to determine why it was labeled as suspicious, which list it entered, and when it entered. A "Dashboard Panel" is then created for tracking this data for different IPs, Users, or Entities.

Go to the "Search" tab on the Logsign Unified SecOps Platform and use "Context.SourceIP:Suspicious" as the query.

Use Smart Filter to filter on the IP you want to analyze; the results for the selected IP are then listed.

Let's take the "107.150.126.151" IP as an example.

The analysis of filtered logs can also be performed via Smart Filter, and details can be viewed on the listed logs.

Additionally, a "Dashboard Panel" can be created to track this and similar data for different IPs, Users, or Entities.

Go to the Dashboard tab, click the "New Dashboard" button, and define the name and category of the dashboard panel.

Select the desired widget type and enter "Context.SourceIP:Suspicious" as the query, as in the example above.

Examples can be replicated with different widgets to enrich the dashboard panel.
