Chart is a graphical visualization of data. You can view different kinds of charts, including multiple types of plot, line, bar, and area charts.
Any NWDB rule in the Reporting Engine system which is not sorted by none can be used to instantly create a chart. For more information on 'How to create an NWDB rule', see Configure a Rule.
The chart interval can be adjusted from the chart definition panel itself. Every time a chart is executed, it stores its result data locally in the Reporting Engine, so that it can be reviewed in either the Dashboard View or Chart View without any performance considerations.
The following is an overview of the entire process of configuring and generating a chart.
To configure and generate a chart, perform the following:
- Configure Reporting Engine
- Configure an NWDB rule
- Configure a Chart
- Schedule a Chart
- View a Chart
- Test a Chart
- Investigate a Chart
- Manage a Chart Group and Chart
You must configure the Reporting Engine before you can configure and generate a chart. You must also specify the data source in the Reporting Engine from which the data is extracted. For more information on how to configure a Reporting Engine, see Configure Reporting Engine topic in Reporting Engine Configuration Guide.
The NetWitness rule which is not sorted by none is used to create a chart. The NetWitness database extracts the meta from the Reporting Engine and provides the meta for rules. These rules are an essential building block in managing a chart.
You can configure a chart using the NWDB rules.
After a chart is defined with the required components, you can configure its execution properties by scheduling a chart. Here, you can quickly view, add, and edit the schedule details for a chart.
You can view the scheduled charts in the Chart View.
You can run the test on a chart and view all the chart details based on the selected time range.
The Reporting Module provides access control at the chart level. Only a user who has the right set of permissions can perform the tasks in Reporting module. The access control is managed by the administrator from the Administration > Security > Roles tab.
When you create users and user roles, ensure that the roles that you create for specific tasks have access to all the necessary permissions. This could require permissions at several levels of the role hierarchy.
Charts can be tied to a specific set of user roles so that when a user logs into NetWitness, the charts with the access rights for the specific user role can be viewed. Users that belong to a user role with the 'Read & Write' access permission can define charts. Further, the access can be tightened so that charts are accessed only by those who have the 'Read Only' access.
At the chart level, you can set the following access permissions for the user roles in NetWitness:
- Read & Write
- Read Only
- No Access
To change the access permission for a specific user role, you must set the permission at the chart level. For example, for Administrators to have access to a specific chart, you could set the permission 'Read & Write' in the Charts Permissions dialog.
You can apply read-only permission to rules in the charts by selecting the checkbox.
Two scenarios that describe how to set access control are explained here:
- Scenario 1: Permissions applied to Chart Group/ Subgroup/ Chart/ Rules based on the user role.
- Scenario 2: Read-only permission applied to Rules in the Chart.
The chart is assigned the role of a Security Analyst and permissions are set to 'Read & Write' charts.
For scenario 1, each of the levels has a permission set based on the user role. For scenario 2, the Read permission is set for the rules except that the permission for the rules cannot be higher than the permission for the charts.
Access Control for a Chart When Multiple Charts are Selected
To change permissions for multiple charts, you must select several charts and set their access permissions using the Charts Permissions panel. The access permission that you choose is applied to all the selected charts.
Access Control for a Chart When Multiple Charts with Several Rules are Selected
To change access permissions for a specific user role when multiple charts with several rules are selected, select the checkbox in the Charts Permissions panel.
The read-only access permission is applied to all the rules of the selected charts, provided that the permission of the rules are lower than the permission of the charts.
To change chart group permissions, select a chart group and set the access permissions using the Charts Permissions panel. Before chart group permissions are applied, the default permission set for all the user roles is 'No Access'.
To change the access permission for a specific user role, set the permission at the chart group level. For example, for administrators to have access to all the charts in a Chart Group, set the permission 'Read & Write' in the Charts Group Permissions panel.
You can also apply permissions to subgroups and charts in the group, and apply read-only permission to rules in the charts by selecting the appropriate checkboxes.
Three scenarios that describe how to set access control are explained here:
- Scenario 1: Permissions applied to chart groups, subgroups, or charts based on user roles.
- Scenario 2: Permissions applied to subgroups and charts in the group.
- Scenario 3: Read-only permission applied to rules in the chart.
The chart group is assigned the role of a Security Analyst and permissions are set to 'Read & Write'.
For scenario 1, each of the levels will have a permission set depending on the user role.
For scenario 2, the permission at the chart group level will be inherited by the subgroup and by charts in the group.
For scenario 3, the Read permission is set for the rules. However, the permission set for the rules cannot be higher than the permissions set for the chart group.
The following table lists the columns in the Charts Permissions panel: