Dashlets

Document created by RSA Information Design and Development on Sep 27, 2017Last modified by RSA Information Design and Development on Nov 16, 2017
Version 14Show Document
  • View in full screen mode
  

Dashlets for all RSA NetWitness Suite modules are available to add in the default RSA NetWitness Suite dashboard or a custom RSA NetWitness Suite dashboard. All dashlets have a common set of controls described in the RSA NetWitness Suite Getting Started Guide. This is an example of some currently available dashlets.

dashlet_choices.png

Some dashlets have additional configuration parameters and controls, for example the Reports Realtime Chart dashlet, Malware Top Listing of Highly Suspicious Malware dashlet, and the Admin Service Monitor dashlet. For more information on these additional controls, read the section that pertains specifically to that dashlet.

Note: For documentation sets prior to RSA NetWitness Suite 11.0, the detailed dashlet documentation is included in the Getting Started with Security Analytics Guide.

                                              

Admin News Dashlet

This dashlet presents product information and updates for the Administration module.

To display this dashlet in the RSA NetWitness Suite dashboard or as part of a custom dashboard, in the dashboard toolbar, select  > Add a Dashlet in the dashboard and select Admin News.

Admin Service List Dashlet

The Administration Service List dashlet is a list of available services in RSA NetWitness Suite with links to administrative tasks that can be taken on those services. In effect, this dashlet is a focused subset of the Administration Hosts View (see the topic in the Hosts and Services Getting Started Guide.

To display this dashlet in the RSA NetWitness Suite dashboard or as part of a custom dashboard, select ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Admin Services List.

Note the following:

  • The View menu () option is a quick link to the View menu in the Administration Services view. Select a service and click here to select a view.
  • The Navigate option is a quick link to the Navigate view in the Investigation module.
  • The Services grid has a subset of the grid columns in the Administration Hosts view. The following table provides descriptions of the columns presented in the dashlet
                               
ColumnDescription

Selection checkbox. Click in the heading to select or deselect all services in the list.

Connection Status


The connection icons indicate whether the connection to the service is good (green) or bad (red and gray). Rendering of the entire row in red text also reflects a bad connection status.

NameThe name of the service; for example HQ-Decoder or 10.26.22.44-Decoder.
AddressThe IP address of the NextGen service; for example, 10.26.22.44.
TypeThe type of service. Possible values are Broker, Concentrator, Decoder, Log Decoder, Log Collector, Archiver, Workbench, Warehouse Collector, Event Stream Analysis, IPDB Extractor, Reporting Engine, Malware Analysis, and Incident Management.

Admin Service Monitor Dashlet

The Admin Service Monitor dashlet summarizes service version and status information that appears in the Administration Services view. This is a subset of the columns in the Hosts view.

To display this dashlet in the RSA NetWitness Suite dashboard or as part of a custom dashboard, click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Admin Service Monitor. The Add a Dashlet dialog has an option to select the service type for the new dashlet.

The dashlet includes this subset of the columns in the Hosts view:

  • Name
  • Type
  • Version
  • Status
  • Memory usage
  • CPU

For more details about the Hosts view, see the Hosts and Services Getting Started Guide.

Dashboard RSA First Watch Dashlet

The Dashboard RSA First Watch dashlet delivers situational awareness and threat intelligence from across the RSA research and incident-response community, providing customers the intelligence to prepare for, respond to, and mitigate advanced cyber threats. The RSA First Watch, Incident Response, and Computer Incident Response Center (CIRC) teams track millions of IP addresses and domains, as well as dozens of unique threat sources and threat actors.

To display this dashlet in the Unified dashboard or as part of a custom dashboard, click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Dashboard RSA First Watch.

104FirstWatchDashlet.png

                 
ColumnDescription
DateThe date the article was posted.
ArticleThe article title, a sample of the article, and a "Read More" link to the full article.

Dashboard Shortcuts Dashlet

The Dashboard Shortcuts dashlet offers quick links to common tasks in other areas of RSA NetWitness Suite. It is a good tool for first-time users who are trying to get a feel for the system.

To display this dashlet in the RSA NetWitness Suite dashboard or as part of a custom dashboard, click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select the Dashboard Shortcuts dashlet.

DbdSCutsDlt.png

In addition to the standard dashlet controls, this dashlet has options that link to common RSA NetWitness Suite tasks.

                                           
OptionDescription
Configure Live ConnectionLinks to the Administration System View >  Live Configuration Panel, where you configure the connection to the Live content management system.
Add a ServiceLinks to the Services View.
Investigate a ServiceLinks to the Navigate View Navigate Tab, in which you can select a service to navigate from a list of available services.
Browse Live ResourcesLinks to the Live Search View, in which you search the Live resource library for resources.
Setup Live Intel SharingLinks to the Administration System View, in which you can choose to participate in live intelligence sharing. 
Manage Live SubscriptionsLinks to the Live Configure View, in which you view and edit subscriptions and deployments.
View My JobsLinks to the Jobs Panel (Profile View), in which you view RSA NetWitness Suite jobs.
View My NotificationsLinks to the Notifications Panel (Profile View), in which you view system notifications.

Dashboard What's New Dashlet

The Dashboard What's New dashlet displays the latest product information and announcements for all RSA NetWitness Suite products.

To display this dashlet in the dashboard or as part of a custom dashboard, click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Dashboard What's New dashlet.

WhatsNewDlt.png

Incidents Analysts Activity Dashlet

The Incidents Analysts Activity dashlet shows the number and status of incidents per analyst, over a range of time. It displays three categories:

  • Closed incidents
  • Open incidents
  • Remediation in progress

To display this dashlet in the RSA NetWitness Suite dashboard or as part of a custom dashboard, click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar. Select Incidents Analysts Activity from the drop-down menu and set a time range for the activity.

dashlet_IncidentAnalystsActivity.png

Note: When you collapse the dashlet using the dshlet_toggle.png option, the bars take some time to redisplay. You can refresh the browser to see the graph quickly.

                 
FeatureDescription
Bar graphWhen you hover the mouse over a portion of the bar graph, the number and status of incidents is displayed in text.
Incident categoriesIn the legend at the bottom, incident categories are displayed. Clicking a category removes it from the graph. Clicking the category again re-displays it in the graph.

Incidents Queue Activity Dashlet

The Incidents Queue Activity dashlet displays the total number of alerts, incidents, and remediation tasks for a selected time range. 

To display this dashlet on the RSA NetWitness Suite dashboard or as part of a custom dashboard, click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Incidents Queue Activity. In the Add a Dashlet dialog, enter a title for the dashlet and select a time range for results.

The figure below is an example of the dashlet with information from the last 7 days.

dashlet_IncidentQueueActivity.PNG

                 
FeatureDescription
TotalsSeparate rows display the totals of alerts, incidents, and remediation.
Clicking a total opens the respective tab for alerts, incidents, or remediation.
Increase and DecreaseThe number below the total is the amount of increase or decrease. A total that has changed more than 33% is in red. A total that has changed less than 33% is in gray.

Investigation Jobs Dashlet

The Investigation Jobs dashlet displays the status of all jobs in the Investigation module. The toolbar, grid, and job management procedures are described under Jobs Tray.

To display this dashlet in the default dashboard or as part of a custom dashboard, click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Investigation Jobs.

104InvJobsDashlet.png

The Investigation Jobs dashlet lists all jobs that you own, recurring and non-recurring, and lets you monitor their progress.

                         
FeatureDescription
The Resume option applies only to recurring jobs that have been paused. When you resume a paused job, the next execution of the job executes as scheduled.
The Pause option applies only to recurring jobs. When you pause a recurring job that is running, it has no effect on that execution. The next execution (assuming the job is still paused) is skipped.
Cancels a recurring or non-recurring job. You can cancel a job while it is running. If you cancel a recurring job, it cancels that execution of the job. The next time the job is scheduled to run, it executes normally.
104DeleteIcon.png Deletes a recurring or non-recurring job from the Jobs panel. When you delete a job, the job is instantly deleted from the Jobs panel. No confirmation dialog is offered. If you delete a recurring job, all future executions are removed as well.

Investigation Top Values Dashlet

The Investigation Top Values dashlet allows you to inspect the top values for a specific time period and for a specific meta type on a given appliance. You define the meta data and query parameters in the Add a Dashlet dialog.

To display this dashlet in the RSA NetWitness Suite dashboard or as part of a custom dashboard, click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Investigation Top Values.

104InvTopValuesDashlet.png

You define the meta data and query parameters in the Add a Dashlet dialog.

                                   
FeatureDescription

Title

The title of the dashlet.

Service

The name or IP address of the target service.

Time (Relative)

Last 5 minutes
Last 10 minutes
Last 15 minutes
Last 30 minutes
Last Hour
Last 3 Hours
Last 6 Hours
Last 12 Hours
Last 24 Hours
Last 2 Days
Last 5 Days

Meta Type

Select the meta type from the drop-down list.

Query

Complete the query to further define the results

Result Limit

Select the number of results to display from the drop-down list.

Live Featured Resources Dashlet

The Live Featured Resources dashlet displays the list of Live resources that are tagged as featured for the configured Content Management System (CMS) server.

To display this dashlet in the RSA NetWitness Suite dashboard or as part of a custom dashboard, click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Live Featured Resources.

104LiveFeatResDashlet.png

This dashlet has a paged view of featured Live resources and provides the following information about each resource.

                           
ValueDescription

104ResTypeIcon.png(Resource Type Icon)

 

Each type of Live resource is represented by an icon. For example, the icon in the screen capture represents a Parser feed. Clicking the Resource Type icon opens a new browser tab with the detailed view of the resource in the Live Resource view.

Resource Name

The name of the resource, for example, NetWitness APT Threat IPs. Clicking the Resource Name displays the detailed view of the resource in the Live Resource view. The view opens in the current browser tab.

Date Created

The date the resource was created.

Last Updated Date

The date the resource was last updated.

Live New Resources Dashlet

The Live New Resources dashlet displays a list of Live CMS resources that are tagged as new for the configured Content Management System (CMS) server. You can click a resource name to go to the detailed view of the resource.

To display this dashlet in the RSA NetWitness Suite dashboard or as part of a custom dashboard, click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Live New Resources.

104LiveNewResDashlet.png

This dashlet has a paged view of new Live resources and provides the following information about each resource.

                           
ValueDescription
104ResTypeIcon.png Resource Type IconEach type of Live resource is represented by an icon. For example, the icon to the left represents a Decoder Flex Parser. Clicking the Resource Type icon opens a new browser tab with the detailed view of the resource in the Live Resource view.
Resource NameThe name of the resource, for example, Ghost Protocol Parser. Clicking the Resource Name displays the detailed view of the resource in the Live Resource view. The view opens in the current browser tab.
Date CreatedThe date the resource was created.
Last Updated DateThe date the resource was last updated.

Live Subscriptions Dashlet

The Live Subscriptions dashlet presents a listing of all Live resources to which this RSA NetWitness Suite instance is subscribed. This is simply a quick reference list. If you need to manage subscriptions, use the Subscriptions Tab in the Live Manage view.

To display this dashlet in the RSA NetWitness Suite dashboard or as part of a custom dashboard, click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Live Subscriptions.

104LiveSubDashlet.png

The grid is a subset of the subscriptions grid in the Live Manage View.

                       
ValueDescription
NameDisplays the name of the subscription.
TypeSpecifies the type of subscription.
DescriptionDescribes the type of information supplied by the subscription.

Live Updated Resources Dashlet

The Live Updated Resources dashlet displays a list of Live CMS resources that are tagged as updated for the configured Content Management System (CMS) server. You can click on the resource title to go to a detailed view of the resource.

To display this dashlet in the RSA NetWitness Suite dashboard or as part of a custom dashboard, click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Live Updated Resources.

104LiveUpdateResDashlet.png

This dashlet has a paged view of updated Live resources and provides the following information about each resource.

                           
ValueDescription
ResourceTypeDecoderFeedIcon.pngResource Type IconEach type of Live resource is represented by an icon. For example, the icon in the screen capture represents a Decoder feed. Clicking the Resource Type icon opens a new browser tab with the detailed view of the resource in the Live Resource view.
Resource NameThe name of the resource, for example, Spamhaus EDROP List IP Ranges. Clicking the Resource Name displays the detailed view of the resource in the Live Resource view. The view opens in the current browser tab.
Date CreatedThe date the resource was created.
Last Updated DateThe date the resource was last updated.

Malware Malware with High Confidence IOCs and High Scores Dashlet

The Malware Malware with High Confidence IOCs and High Scores dashlet presents the events that Malware Analysis detected with Indicators of Compromise, high likelihood of harboring malware, and high scores in the scoring modules. This dashlet is available in the Unified dashboard and in the Malware view. When a Malware Analyst first logs on to RSA NetWitness Suite, by default the only visible dashlet in the Unified view is the What's New dashlet. The analyst must create any additional Malware dashlets.

The Malware Malware with High Confidence IOCs and High Scores dashlet is configurable. You can create multiple copies of the dashlet, filter results, and configure the display of results as an Events List or a Files List.

To display this dashlet in the RSA NetWitness Suite Dashboard or as part of a custom dashboard, click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Malware Malware with High Confidence IOCs and High Scores from the Type drop-down menu.

This is an example of the Malware Malware with High Confidence IOCs and High Scores dashlet settings.

Mal_HighIOCsDashlet.png

This is an example of the Malware with High Confidence IOCs and High Scores dashlet.

MaMaHIOCDlt.png

The following table lists configurable values for this dashlet.

                                       
VariableDescription
TitleIdentifies the name of the dashlet. Each dashlet needs a unique name, especially if you have more than one instance of the same dashlet. The name appears in the title bar of the dashlet.
Influenced by High Confidence OnlyWhen checked, only events and files that were flagged as High Confidence (or likelihood) for containing Indicators of Compromise are displayed in the dashlet.
Static, Network, Community, SandboxFilters the results based on the scores for each scoring module. You can set the value as =, <=, or >=.
Result LimitSets the number of results to be displayed. Possible values in the drop-down list are 5, 10, 20, 30, or 40.
ServiceSelects the service to be monitored.
Time (Relative)Limits the time range of displayed results.
Show Events or Show FilesSpecifies the form of the results, either Events List or Files List format.

Malware Scan Jobs List Dashlet

The Malware Scan Jobs List dashlet displays the same Scan Jobs List found in the Select a Malware Service dialog. You can open completed scans directly from this dashlet.

To display this dashlet in the RSA NetWitness Suite dashboard or as part of a custom dashboard, click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Malware Scan Jobs List.

MaScaJobDlt.png

The columns in this Scan Jobs list are the same as those in the Scan Jobs List in the Select a Malware Service dialog.

Double-clicking on a job allows you to view a job in the Investigation > Malware Analysis view. The Summary of Events for the selected scan opens with the default dashlets displayed in a new browser tab.

Malware Top Listing of Possible Zero Day Malware Dashlet

The Top Listing of Possible Zero Day Malware dashlet presents the top 10 events indicative of a possible zero day attack in the Malware Analysis Events List or the Files List. This dashlet is available in the dashboard and in the Malware view. When a Malware Analyst first logs in to RSA NetWitness Suite, by default the only visible dashlet in the view is the What's New dashlet. The analyst must create any additional Malware dashlets.

The Top Listing of Possible Zero Day Malware dashlet is configurable. You can create multiple copies of the dashlet, filter results, and configure the display of results as an Events List or a Files List. From this dashlet, you can launch an Malware Analysis investigation of an event directly by double-clicking the event; you do not have to go to the Investigation > Malware view to begin.

To display this dashlet in the RSA NetWitness Suitedashboard or as part of a custom dashboard, click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Malware Top Listing of Possible Zero Day Malware from the Type drop-down menu.

This is an example of the dashlet settings configured to display the Events List.

MalwareZeroDayDashlet.png

This is an example of the dashlet. The features in the dashlet are the same as those on the Malware Analysis Events List or the Files List.

MaTopLstPos0Dlt.png

The following table lists configurable values for this dashlet.

                                       
VariableDescription
TitleIdentifies the name of the dashlet. Each dashlet needs a unique name, especially if you have more than one instance of the same dashlet. The name appears in the title bar of the dashlet.
Influenced by High Confidence OnlyWhen checked, only events and files that were flagged as High Confidence (or likelihood) for containing Indicators of Compromise are displayed in the dashlet.
Static, Network, Community, SandboxFilters the results based on the scores for each scoring module. You can set the value as =, <=, or >=. The operator for the community filter is less than or equal to the applied slider value by default. The operator for the other filters is greater than or equal to by default.
ServiceSelects the service to be monitored.
Time (Relative)Limits the time range of displayed results.
Result LimitSets the number of results to be displayed. Possible values in the drop-down list are 5, 10, 20, 30, or 40.
Show Events or Show FilesSpecifies the form of the results, either Events List or Files List format.

Malware Top Listing of Highly Suspicious Malware Dashlet

The Malware Top Listing of Highly Suspicious Malware dashlet presents the top 10 most suspicious events in the Malware Analysis Events List or the Files List. This dashlet is available in the dashboard and in the Malware Analysis view. When a Malware Analyst first logs in to RSA NetWitness Suite, by default the only visible dashlet dashboard is the What's New dashlet. The analyst must create any additional Malware Analysis dashlets.

The Malware Top Listing of Highly Suspicious Malware dashlet is configurable. You can create multiple copies of the dashlet, filter results, and configure the display of results as an Events List or a Files List.

To display this dashlet in the RSA NetWitness Suite Dashboard or as part of a custom dashboard, click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Malware Top Listing of Highly Suspicious Malware from the Type drop-down menu.

MalwareSuspListDashlet.png

This is an example of the dashlet.

MaTopLstSusDlt.png

The features are the same as the features of the Malware Analysis Events List and Files List (see the Investigation and Malware Analysis Guide for details). To launch a Malware Analysis investigation of an item in the dashlet, double-click an event or file name in the grid.

The following table lists configurable values for this dashlet.

                                       
VariableDescription
TitleIdentifies the name of the dashlet. Each dashlet needs a unique name, especially if you have more than one instance of the same dashlet. The name appears in the title bar of the dashlet.
Influenced by High Confidence OnlyWhen checked, only events and files that were flagged as High Confidence (or likelihood) for containing Indicators of Compromise are displayed in the dashlet.
Static, Network, Community, SandboxFilters the results based on the scores for each scoring module. You can set the value as =, <=, or >=.
ServiceSelects the service to be monitored.
Time (Relative)Limits the time range of displayed results.
Result LimitSets the number of results to be displayed. Possible values in the drop-down list are 5, 10, 20, 30, or 40.
Show Events or Show FilesSpecifies the form of the results, either Events List or Files List format.

Reports Realtime Chart Dashlet

The Reports Realtime Chart dashlet displays one of the charts from the list of charts that you defined. The chart output is from the live data and it refreshes itself based on the refresh interval that you set. Each chart is defined by the Chart Type and Past Hours value that you select.

You can select either the Chart Values over Time or Chart with Totals option. The chart graphs the current data and does not display data points for historical data. 

The chart is generated for data depending on the time interval that you defined in the chart definition. The data are available from a maximum of the past 20 time intervals. For example, if in the chart definition you selected a refresh interval as five minutes and past hour as one hour, the chart displays data from the past 60 minutes. The chart in the dashlet refreshes itself based on the dashlet refresh interval that you have defined.

Column Chart Dashlet

To display this dashlet in the RSA NetWitness Suite dashboard or as part of a custom dashboard, click >and then . From the Add a Dashlet dialog, select the Reports Realtime Chart from the Type drop-down menu. In the Chart Type drop-down, select the Column option.

RE_Realtime_Chart.png

Chart options are listed in the following table.

                                   
VariableDefinition

Chart

Select a chart from the already defined charts. You can select only one chart per dashlet.

Title

Type a name for the Reporting Realtime Chart dashlet. The name appears in the title bar of the dashlet.

Series

Chart Values over Time: The chart displays the change in values for the selected time.

Chart with Totals: The chart displays a total for each aggregate value for the selected time.

Chart Type

Select the type of chart that you want in the dashlet. The values provided in the drop-down menus are: column, pie, and geomap.

Past Hours

Select the past time range for the data to be displayed.

Dashlet Refresh Interval

Set the time interval in minutes at which the data in the dashlet gets refreshed. The interval value ranges from 1-180 minutes.

GeoMap Chart Dashlet

You can also plot geographical map charts on dashlets. To add a geomap chart dashlet on the dashboard, click >and then . From the Add a Dashlet dialog, select the Reports Realtime Chart from the Type drop-down menu. In the Chart Type drop-down, select the GeoMap option.

Note: The GeoMap option is available for rules for which you have selected IP-address-related metas.

Note: Set the time interval in minutes at which the data in the dashlet gets refreshed. The interval value ranges from 1-180 minutes.

Here is an example of a GeoMap chart which displays the Destination IP addresses for the past 24 hours and is applicable only for all the Reporter Chart Dashlets.

You can zoom in, zoom out and export a GeoMap chart.

GeoMap Chart options are listed in the following table.

                           
VariableDescription
Zooms in the GeoMap to fit the screen.
Zooms out the GeoMap to fit the dashlet grid.
Exports the GeoMap chart to save a copy on your local system.
Last RefreshedDisplays the time at which the data is polled from the related chart.

This is an example of the zoomed in GeoMap Chart which displays the relevant information when the user hover's the mouse.

Reports RE Alert Variance Dashlet

The Reports RE Alert Variance dashlet is a configurable dashlet that depicts top alerts in four different time series chart types. You can configure the results to include in the chart (from the top 2 alerts to the top 15 alerts in the specified time range).

To display this dashlet in the RSA NetWitness Suitedashboard or as part of a custom dashboard, select ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Reports RE Alert Variance from the Type drop-down menu.

RE_AlertVarDashlet.png

The following figure is an example:

RE_Alert_Var.png

This dashlet is a visual representation of the alerts most frequently triggered by the associated Reporting Engine. Each chart type can be defined by the number of alerts and past hours from when the alerts need to be fetched, and the dashlet refresh interval for the chart to be refreshed.

                               
VariableDescription
TypeSelect the type of chart that you want in the dashlet:
  • Bar (X-axis = Count and Y-axis = Alert name)
  • Column (X-axis = Count and Y-axis = Alert name)
  • Line (X-axis = Count and Y-axis = Alert name)
TitleProvide a name for the Reporter Realtime Chart dashlet. The name appears in the title bar of the dashlet.
No of AlertsSelect the number of alerts to be considered while configuring the dashlet. The value ranges from 2 - 15.
Past HoursSelect the time from when the alerts need to be fetched.
Dashlet Refresh Interval (Minutes)Set the time interval in minutes at which the data in the dashlet gets refreshed. The interval value ranges from 1-180 minutes.

Reports Recent Run Report Dashlet

The Reports Recent Run Report dashlet consists of a list of reports that were run recently in RSA NetWitness Suite. The recent reports displayed are from the last 24 hours.

To display this dashlet in the RSA NetWitness Suite dashboard or as part of a custom dashboard, click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Reports Recent Run Report from the Type drop-down.

RE_Recent_Reports.png

The columns present in the dashlet by default are described in the following table.

                         
ColumnDescription
Report NameThe name of the recently run report.
Run ConfigThe run configuration of the recently run report.
TimeThe time the report was scheduled.
ExportClick on the export icon (104ExpIconRecRunRepDash.png) to export the file.

Reports RE Recent Alerts Dashlet

The Reports RE Recent Alerts dashlet displays the latest alerts on the dashboard. You can configure the number of latest alerts to be displayed and also specify the time range from when the alerts needs to be fetched.

To display this dashlet in the RSA NetWitness Suite dashboard or as part of a custom dashboard, click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Reports RE Recent Alerts from the Type drop-down menu.

RE_RecAlertsDashlet.png

The following figure is an example:

RE_Recent.png

The following table describes the columns in the Reports RE Recent Alerts dashlet.

                 
ColumnDescription
NameThe name of the alert as defined.
DetectedThe date and time that the alert fired. This detection time is when RSA NetWitness Suite detected the conditions for firing this alert.

Reporting RE Top Alerts Dashlet

The Reports RE Top Alerts dashlet is a configurable dashlet that depicts top alerts in four chart types. You can configure the results to include in the chart (from the top 2 alerts to the top 15 alerts in the specified time range). 

The chart is summarized for each top alert against the number of events triggered by the alert for the defined time and refresh intervals. The first data point in the chart defines the number of events (alert count) triggered by the alert for the defined time. The subsequent data points are depicted by adding the alert count in the first data point and alert count in the defined refresh intervals.

For example, if for the defined time range, the number of events (alert count) triggered by the alert is 10, then the first data point in the chart is shown as 10. The subsequent data point = 10 +  number of events (alert count) triggered by the alert in the defined dashlet refresh interval.

To display this dashlet in the RSA NetWitness Suite dashboard or as part of a custom dashboard, click ic-addDrop.PNG > Add Dashlet in the dashboard toolbar and select Reports RE Top Alerts from the Type drop-down menu.

ConfTopAlerts.png

The following figure is an example:

RE_Top_Alert.png

This dashlet is a visual representation of the alerts most frequently triggered by the associated Reporting Engine. Each chart type can be defined by the number of top alerts, the time from when the alerts needs to be fetched, and the dashlet refresh interval for the chart to be refreshed.

                               
VariableDescription
Chart TypeSelect the type of chart that you want in the dashlet:
  • Bar (X-axis = Count and Y-axis = Alert name)
  • Column (X-axis = Count and Y-axis = Alert name)
  • Pie
  • Line (X-axis = Count and Y-axis = Alert name)
  • Tabular (X-axis = Count and Y-axis = Alert name)
TitleType a name for the Reporting Realtime Chart dashlet. The name appears in the title bar of the dashlet.
TopSelect the number of top alerts to be considered while configuring the dashlet. The value ranges from 2 - 15.
Past HoursSelect the time from when the alerts need to be fetched.
Dashlet Refresh Interval (Minutes)Set the time interval in minutes at which the data in the dashlet gets refreshed. The interval value ranges from 1-180 minutes.
Previous Topic:Dashboards
You are here
Table of Contents > Dashboards and Dashlets > Dashlets

Attachments

    Outcomes