
Sys Maintenance: New Health and Wellness Dashboards

Document created by RSA Information Design and Development Employee on Sep 11, 2020
 
 

This topic provides the list of default New Health and Wellness dashboards and associated visualizations and metrics.

Deployment Health Overview Dashboard

This dashboard provides the overall health of the NetWitness Platform hosts and services. The following table provides the information on default visualizations available on this dashboard.

Note: The parameters and metrics listed below are the default values. You can customize the parameters and metrics of any visualization based on your requirement. For example, you can customize a visualization to view the CPU utilization for all the core services or any particular service.

                                                                                                                                 
Visualization | Parameters and Metrics | Objective | Description
Alarms Summary

• Count of active alerts

• Alert severity

Provides the summary of active health alarms based on the severity.

Displays the active alarms grouped by severity (Critical, High, Medium, Low).
Offline Services

• Service name

• Status Time

• Refresh time 15 minutes

Identifies the list of unavailable services.

Displays the list of offline services.
Stopped Archiver Aggregation

• Count of archivers where aggregation is stopped

• Refresh time 15 minutes

Identifies the number of Archivers where aggregation is stopped.

Displays the number of Archivers where aggregation is stopped. For more information, see Notifications.
Stopped Broker Aggregation

• Count of Brokers where aggregation is stopped

• Refresh time 15 minutes

Identifies the number of Brokers where aggregation is stopped.

Displays the number of Brokers where aggregation is stopped. For more information, see Notifications.
Stopped Concentrator Aggregation

• Count of Concentrators where aggregation is stopped

• Refresh time 15 minutes

Identifies the number of Concentrators where aggregation is stopped.

Displays the number of Concentrators where aggregation is stopped. For more information, see Notifications.
Stopped Decoder/Log Decoder Capture

• Count of Decoders or Log Decoders where capture is stopped

• Refresh time 15 minutes

Identifies the number of Decoders or Log Decoders where capture is stopped.

Displays the number of Decoders or Log Decoders where capture is stopped. For more information, see Notifications.
Total vs Offline Services

• Total number of services

• Count of offline services

• Refresh time 15 minutes

Identifies the number of offline services versus total number of services.

Displays the total number of services and the number of services that are offline.
Stopped State Aggregation & Capture

• Service name

• Host name

• Service version

Provides the list of services where aggregation and capture are stopped.

Displays the list of services where aggregation and capture are stopped.

NetWitness Services Version Status

• Service version

Provides the status of NetWitness Platform service versions.

Displays the status of NetWitness Platform service versions.

NetWitness Services – Uptime Summary

• Service name

• Host name

• Running since

Provides an overview of the uptime of the services in the deployment.

Displays the list of services and their uptime.

Memory Utilization Trend

• Service name

• Memory usage

Provides the memory utilization trend to detect any high utilization and take necessary action.

Displays the memory utilization trend of the hosts.

Current CPU Usage

• Service name

• CPU usage

Provides the CPU usage trend of the hosts to identify any high utilization and take necessary action.

Displays the current CPU usage of the services.

Current Disk Usage

• Service name

• Disk usage

Provides the disk utilization in real time to identify any high utilization and take necessary action.

Displays the current disk usage of the hosts.

Capture Rate for Log Decoders

• Service name

• Capture rate

Provides the capture rate trend to identify any high values and take necessary action.

Displays the trend of Log Decoders capture rate.

Capture Rate for Network Decoders

• Service name

• Capture rate

Provides the capture rate trend to identify any high values and take necessary action.

Displays the trend of Network Decoders capture rate.

Session Aggregation Rate and Trend for Concentrators

• Service name

• Session aggregation rate

Provides an overview of the session rate of the Concentrators to identify any high values and take necessary action.

Displays the session aggregation rate and trend of Concentrators.

Retention Summary

• Service id

• Service name

• Running on host

• Oldest meta file time

• Oldest packet file time

• Oldest session file time

Provides a quick view on the current retention of the Decoders, Concentrators and Archivers to check if the retention is lower than the configured retention.

Displays the oldest date for meta, session, and packet files present in Decoders, Log Decoders, and Concentrators.

Total CPU Usage Trend for Services

• CPU usage

• Service name

Provides the CPU usage trend of the services to detect the high utilization and take necessary action.

Displays the top 20 services where CPU usage is high.

Total Memory Usage Summary for Services

• Service name

• Memory usage

Provides the memory usage summary of NetWitness Platform services to detect any high usage and take necessary actions.

Displays the top services by resident memory utilization.

Hosts Dashboard

This dashboard provides the resource utilization and health of NetWitness hosts in your deployment. The following table provides information on default Visualizations available on this dashboard.

                                                                                                   
Visualization | Metrics | Objective | Description
Disk Used

• Disk usage

Provides the current disk usage of the hosts to detect the high utilization and take immediate action.

Displays the current disk usage of the host.
Current Memory Usage vs Total Available

• Current memory usage

• Total available memory

Provides the current memory usage versus total available memory to identify high usage and take necessary action.

Displays the current memory usage and total available memory of the host.
Current Disk Usage vs Total Available Disk

• Current disk usage

• Total available disk

Provides the current disk usage versus total available disk to identify high usage and take necessary action.

Displays the current disk usage versus total available disk.
Disk Usage by Partitions

• Disk partition

• Disk usage

Provides the disk usage by different partitions to identify high usage and take necessary action.

List of partitions and associated disk percentage.
Resident Memory Usage by Services

• Service name

• Resident memory usage

Provides the resident memory usage per service to identify high usage and take necessary action.

Displays the resident memory usage of the service.
Memory Usage

Memory usage

Provides the current memory usage percentage of the hosts to identify high memory usage and take necessary action.

Displays the memory usage of the host.
CPU Usage

CPU usage

Provides the CPU usage percentage to identify high usage and take necessary action.

Displays the CPU usage of the host.
CPU Usage by Services

• Service name

• CPU usage

Provides the CPU percentage per service to detect high usage and take necessary action.

Displays the CPU usage of the service.

Interfaces by Incoming Traffic

Incoming traffic on interfaces

Provides the trend of incoming traffic on interfaces to detect any deviation on time.

Displays the incoming traffic on interfaces.

Interfaces by Outgoing Traffic

Outgoing traffic on interfaces

Provides the trend of outgoing traffic on interfaces to detect any deviation on time.

Displays the outgoing traffic on interfaces.

Services by Open File Descriptors

• Services

• Open file descriptor

Provides the list of open file descriptors associated with a service.

Displays the list of open file descriptors associated with a service.

TOP APPLIANCES BY DISK IO READ (Line) Vs WRITE (Bar)

• Service name

• Disk IO Read

• Disk IO Write

Provides the list of top appliances by disk IO read and write to detect any high usage and take necessary action.

Displays top appliances based on disk IO read and write usage.

Total Inbound Traffic for All Interfaces

• Count of inbound traffic on Interfaces

• Total transferred traffic

Provides the total inbound traffic to detect any deviation on time.

Displays the current inbound traffic and total transferred traffic.

Total Outbound Traffic for All Interfaces

• Count of outbound traffic on Interfaces

• Total transferred traffic

Provides the total outbound traffic to detect any deviation on time.

Displays the current outbound traffic and total transferred traffic.

Logs Dashboard

This dashboard provides information on various NetWitness Platform logs. The following table provides information on default Visualizations available on this dashboard.

                                                                     
Visualization | Metrics | Objective | Description
Log Decoders by Capture Rate

• Service name

• Capture Rate

Provides the capture rate of Log Decoders to detect high capture rate on time and take necessary action.

Displays the Log Decoders by capture rate.
Log Decoders by Capture Packet Rate

• Service name

• Capture Packet Rate

Provides the capture packet rate of Log Decoders to detect high capture packet rate on time and take necessary action.

Displays the Log Decoders by capture packet rate.
Log Decoders by CPU Percentage

• Service name

• CPU usage

Identifies the Log Decoders by CPU usage to detect high usage and take necessary action.

Displays the Log Decoders by CPU usage.
Log Decoders by Resident Memory Usage

• Service name

• Resident Memory Usage

Identifies the Log Decoders by resident memory usage to detect high usage and take necessary action.

Displays the Log Decoders by resident memory usage.
SDK Active Queries on Concentrators

• Service name

• Count of active queries

Identifies the Concentrators by SDK active queries.

Displays the Concentrators by SDK active queries.
Concentrators Status

• Service running on host

• Service type

• Service version

• Aggregation status

• Average session rate

• Max session rate

• Active queries

Provides the Concentrator status.

Displays the list of Concentrators and their status.
Concentrator Session Aggregation Rate [Trend]

• Service name

• Session rate

Provides the trend of Concentrator session aggregation rates to detect high session rates and take necessary action.

Displays Concentrator session aggregation rate.
SDK Active Queries on Brokers

• Service name

• Count of Active Queries

Identifies the Brokers by SDK active queries.

Lists Brokers by SDK active queries.
Brokers Status

• Service running on host

• Service type

• Service version

• Aggregation status

• Average session rate

• Max session rate

• Active queries

Provides the Broker status.

Displays the list of Brokers and their status.

Packet Overview Dashboard

This dashboard provides information on NetWitness Platform network data. The following table provides information on default Visualizations available on this dashboard.

                                                                     
Visualization | Metrics | Objective | Description
Network Decoders by Capture Rate

• Service name

• Capture rate

Identifies the capture rate of Network Decoders to detect high values and take necessary action.

Displays Network Decoders by capture rate.
Network Decoders by Capture Drop

• Service name

• Capture drop percentage

Identifies the capture drop rate of Network Decoders to detect drop rate and take necessary action.

Displays Network Decoders by capture drop.
Network Decoders by CPU Percentage

• Service name

• CPU usage

Identifies the Network Decoders by CPU usage to detect high usage and take necessary action.

Displays Network Decoders by CPU used.
Network Decoders by Resident Memory Usage

• Service name

• Resident memory usage

Identifies the Network Decoders by resident memory usage to detect high usage and take necessary action.

Displays Network Decoders by resident memory usage.
SDK Active Queries on Concentrators

• Service name

• Count of active queries

Identifies the Concentrators by SDK active queries.

Displays Concentrators by SDK active queries.
Concentrators Status

• Service running on host

• Service type

• Service version

• Aggregation status

• Average session rate

• Max session rate

• Active queries

Provides the Concentrator status.

Displays the list of Concentrators and their status.
Concentrator Session Aggregation Rate [Trend]

• Service name

• Session rate

Provides the trend of Concentrator session aggregation rate to detect high values and take necessary action.

Displays the trend of Concentrator session aggregation rate.
SDK Active Queries on Brokers

• Service name

• Count of active queries

Identifies the Brokers by SDK active queries.

Displays the Brokers by SDK active queries.
Brokers Status

• Service running on host

• Service type

• Service version

• Aggregation status

• Average session rate

• Max session rate

• Active queries

Provides the Broker status.

Displays the list of Brokers and their status.

Analysis Dashboard

This dashboard provides details about Reporting Engines on Primary UI or Analyst UI. The following table provides the information on default Visualizations available on this dashboard.

                                                         
Visualization | Metrics | Objective | Description
Reporting Engine Rule Query Executions

• Hostname

• Failed rule executions

• Cancelled rule execution

• Active rule execution

• Total rule execution

Provides the status of the queries executed by Reporting Engine to detect any deviations on time.

Displays the queries executed by Reporting Engine.
Reporting Engine Reports Executions

• Hostname

• Failed in last hour

• Running more than one hour

• Cancelled in last hour

• Output actions failed in last hour

Provides the status of the reports executed by Reporting Engine to detect any deviations on time.

Displays the Reporting Engine reports.
Reporting Engine Alerts Execution

• Enabled alerts

• Execution failed

• Execution skipped in last 10 minutes

• Running alerts

• Output actions failed in last 10 minutes

Provides the status of the alerts generated by Reporting Engine to detect any deviations on time.

Displays the Reporting Engine alerts.
Reporting Engine Charts Executions

• Hostname

• Enabled charts

• Execution failed

• Execution cancelled in last 10 minutes

Provides the status of the charts executed by Reporting Engine to detect deviations on time.

Displays Reporting Engine charts.
Reporting Engine Disk Usage

• Disk Used

• Total disk space

Provides the disk usage by Reporting Engine to detect any deviations or high usage and take necessary action.

Displays the disk used by Reporting Engine.

Unassigned Open Incidents

Count of unassigned open incidents

Identifies unassigned incidents to help the Administrator take necessary action.

Displays the unassigned incidents.

Incidents Sent to Archer

Count of incidents sent to Archer

Provides statistics on the incidents sent to Archer to help the Administrator take necessary action.

Displays the incidents sent to Archer.

Endpoint Dashboard

This dashboard provides information on NetWitness Endpoints and agents installed on Endpoints. The following table provides information on default Visualizations available on this dashboard.

                                                                     
Visualization | Metrics | Objective | Description
Endpoint Server to Agent Communication Queued

• Service name

• Count of queued request to Agent

Provides an overview of the queued agent communication to the Endpoint Server to identify any issues around the queued communication.

Displays the queued request to agent.
Endpoint Server to Agent Communication Rejected Count

• Service name

• Count of rejected request to agent

Provides an overview of rejected agent communication to the Endpoint Server to identify any issues related to the rejected count.

Displays the rejected request to agent.
Endpoint Agent Overview

• Hostname

• Total active agents

• Active advanced

• Active insights agents

• Active advanced windows agents

• Active advanced linux agents

• Active advanced mac agents

Provides an overview of Endpoint Agents.

Displays the list of agents and their details.
Relay Servers Overview

• Hosts

• Total relay servers

• Agents communicated via relay server

• Agents communicated in last two days via relay server

Provides an overview of the Relay Servers.

Displays the Relay Server details.
Files Count by File Status

• Count of blacklisted files

• Count of graylisted files

• Count of neutral files

• Count of whitelisted files

Provides an overview of file status by count to assist an Administrator on the overall statistics of Endpoint actions on files.

Displays the count of files by file status.
Files Count by Certificate Status

• Count of blacklisted certificates

• Count of graylisted certificates

• Count of neutral certificates

• Count of whitelisted certificates

Provides an overview of certificate status to help an Administrator take necessary action.

Displays the count of certificate statuses.
File Count by Reputation Status

• Count of unknown status

• Count of suspicious status

• Count of malicious status

• Count of known good status

• Count of known status

• Count of invalid status

Provides an overview of the reputation status to help an Administrator take necessary action.

Displays the count of files by reputation status.

Endpoint Hosts with Risk Score Greater than 90

Count of hosts with risk score greater than 90

Identifies the number of hosts with risk score higher than 90 for immediate attention.

Displays the count of hosts with risk score greater than 90.

Endpoint Files with Risk Score Greater than 90

Count of files with risk score greater than 90

Identifies the number of files with risk score higher than 90 for immediate attention.

Displays the count of files with risk score greater than 90.

ESA Correlation Overview Dashboard

This dashboard provides health statistics and trends on the ESA deployment. The following table provides the information on default Visualizations available on this dashboard.

You can choose the ESA host and Deployment name for the Dashboard view source using the filter.

                                                         
Visualization | Metrics | Objective | Description
Sessions Behind by Sources

Count of sessions behind by sources.

Provides the session behind trend for the sources to take necessary actions when the session behind goes higher.

Displays the count of sessions behind by sources.

Sessions Rate by Sources

Count of sessions rate by sources.

Provides the session rate trend for the sources to take necessary actions when the session rate goes higher.

Displays the count of sessions rate by sources.

Top Rules by Memory

Memory used by rules.

Provides the memory usage per rule to identify the rule with high memory usage and take necessary action.

Displays the top rules based on memory usage.

Top Rules by CPU

CPU used by rules.

Provides the CPU usage per rule to identify the rule with high CPU usage and take necessary action.

Displays the top rules based on CPU usage.

ESA Correlation Resident Memory Usage

Resident memory usage.

Provides the resident memory usage trend to detect high usage and take necessary action.

Displays the trend of ESA correlation resident memory usage.

ESA Correlation CPU Usage

CPU usage.

Provides the CPU usage trend to detect high usage and take necessary action.

Displays the trend of ESA correlation CPU usage.

ESA CR - Event Rate by Deployments

Event rate of each ESA correlation deployment.

Identifies the event rate by each deployment under ESA Correlation to detect high usage and take necessary action.

Displays the trend of ESA correlation event rate of each deployment.
