Introduction
This document covers the Logsign Unified SecOps Platform, which provides a library of predefined dashboard panels with 24 different types of widgets in 12 different categories. Additionally, custom dashboard panels can be defined for monitoring any number of systems.
This document covers information about "Predefined Alarm Dashboard Panels" and "Data Insights and Visualizations with High Probability Events (Incidents)."
Predefined Alarm Dashboard Panels
Clicking the button in the upper left corner of the Logsign Unified SecOps Platform lists all predefined dashboard panels.
Under the Alert category, four different predefined dashboard panels are listed:
- Alert Rules Overview
- Warning/Information Level Alert Analysis
- Action Object & Alert Overview
- Critical/Emergency Level Alert Analysis
Detailed alarm analyses can be examined in the four predefined dashboard panels listed above.
Creating a Dashboard Panel for High Probability Events (Incidents)
Logsign continuously monitors the system with predefined Entity and Behavior Lists, so an abnormal event can be analyzed with enriched data. An IP, User, or Entity's previous entry into a Behavior List, and the resulting Suspect, Attacker, or Victim label, can be added to the event as content.
With the widgets and dashboard panels provided by the Logsign Unified SecOps Platform, this information can be visualized and analyzed quickly.
In the example below, an IP labeled as "Suspect" is analyzed to find out why it was labeled as suspicious, which list it entered, and when it entered. A "Dashboard Panel" is then created for tracking this data for different IPs, Users, or Entities.
Go to the "Search" tab on the Logsign Unified SecOps Platform and use "Context.SourceIP:Suspicious" as the query.
Filter for the IP you want to analyze using Smart Filter; the results are then listed for the selected IP.
Let's take the "107.150.126.151" IP as an example.
The analysis of filtered logs can also be performed via Smart Filter, and details can be viewed on the listed logs.
Additionally, a "Dashboard Panel" can be created to track this and similar data for different IPs, Users, or Entities.
Go to the Dashboard tab, click the "New Dashboard" button, and define the name and category of the dashboard panel.
Select the desired widget type, and enter the query "Context.SourceIP:Suspicious" used in the example above.
Examples can be replicated with different widgets to enrich the dashboard panel.