SA: Reporting RE Top Alerts Dashlet

Document created by RSA Information Design and Development on Jul 21, 2016Last modified by RSA Information Design and Development on Jul 24, 2016
Version 2Show Document
  • View in full screen mode
 

The Reports RE Top Alerts dashlet is a configurable dashlet that depicts top alerts in four chart types. You can configure the results to include in the chart (from the top 2 alerts to the top 15 alerts in the specified time range). 

The chart is summarized for each top alert against the number of events triggered by the alert for the defined time and refresh intervals. The first data point in the chart defines the number of events (alert count) triggered by the alert for the defined time. The subsequent data points are depicted by adding the alert count in the first data point and alert count in the defined refresh intervals.

For example, if for the defined time range, the number of events (alert count) triggered by the alert is 10, then the first data point in the chart is shown as 10. The subsequent data point = 10 +  number of events (alert count) triggered by the alert in the defined dashlet refresh interval.

To display this dashlet in the Security Analytics dashboard or as part of a custom dashboard, click ic-addList.PNG > Add Dashlet in the dashboard toolbar and select Reports RE Top Alerts from the Type drop-down menu.

ConfTopAlerts.png

The following figure is an example:

RE_Top_Alert.png

Features

This dashlet is a visual representation of the alerts most frequently triggered by the associated Reporting Engine. Each chart type can be defined by the number of top alerts, the time from when the alerts needs to be fetched, and the dashlet refresh interval for the chart to be refreshed.

                               
VariableDescription
Chart TypeSelect the type of chart that you want in the dashlet:
  • Bar (X-axis = Count and Y-axis = Alert name)
  • Column (X-axis = Count and Y-axis = Alert name)
  • Pie
  • Line (X-axis = Count and Y-axis = Alert name)
  • Tabular (X-axis = Count and Y-axis = Alert name)
TitleType a name for the Reporting Realtime Chart dashlet. The name appears in the title bar of the dashlet.
TopSelect the number of top alerts to be considered while configuring the dashlet. The value ranges from 2 - 15.
Past HoursSelect the time from when the alerts need to be fetched.
Dashlet Refresh Interval (Minutes)Set the time interval in minutes at which the data in the dashlet gets refreshed. The interval value ranges from 1-180 minutes.
You are here: References > Reporting RE Top Alerts Dashlet

Attachments

    Outcomes