This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
  • RSA.com
  • Products
    • Archer®
      • Archer®
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Knowledge Base
      • Archer® Exchange
      • Training
      • Upcoming Events
      • Videos
    • RSA® Fraud & Risk Intelligence Suite
      • RSA® Fraud & Risk Intelligence Suite
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Web Threat Detection
      • Upcoming Events
      • Videos
    • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Cloud
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Events
      • Ideas
      • Knowledge Base
      • Training
      • Upcoming Patch Content
      • Videos
    • RSA® Adaptive Authentication Mobile SDK
      • RSA® Adaptive Authentication Mobile SDK
      • Advisories
      • Events
      • Ideas
      • Knowledge Base
      • Request Access
      • Training
    • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Events
      • Ideas
      • Knowledge Base
      • Training
      • Videos
    • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Events
      • Ideas
      • Knowledge Base
      • Training
      • Videos
    • RSA® Adaptive Authentication for eCommerce
      • RSA® Adaptive Authentication for eCommerce
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Ideas
      • Knowledge Base
      • Training
      • Videos
    • RSA® FraudAction Services
      • RSA® FraudAction Services
      • Advisories
      • Discussions
      • Documentation
      • Ideas
      • Videos
    • RSA® Web Threat Detection
      • RSA® Web Threat Detection
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Knowledge Base
      • Videos
    • RSA NetWitness® Platform
      • RSA NetWitness® Platform
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Integrations
      • Knowledge Base
      • Training
      • Upcoming Events
      • Videos
    • RSA NetWitness® Detect AI
      • RSA NetWitness® Detect AI
      • Documentation
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
    • RSA NetWitness® Investigator
      • RSA NetWitness® Investigator
      • Documentation
      • Download the Client
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
    • RSA NetWitness® Orchestrator
      • RSA NetWitness® Orchestrator
      • Overview
      • Documentation
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
    • RSA SecurID® Suite
      • RSA SecurID® Suite
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Knowledge Base
      • Ideas
      • Integrations
      • Training
      • Videos
    • RSA® Identity Governance & Lifecycle
      • RSA® Identity Governance & Lifecycle
      • Advisories
      • Blog
      • Community Exchange
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Knowledge Base
      • Training
      • Upcoming Events
      • Videos
    • RSA SecurID® Access
      • RSA SecurID® Access
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Integrations
      • Knowledge Base
      • Training
      • Upcoming Events
      • Videos
    • Other RSA® Products
      • Other RSA® Products
      • RSA® Access Manager
      • RSA® Data Loss Prevention
      • RSA® Digital Certificate Solutions
      • RSA enVision®
      • RSA® Federated Identity Manager
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
  • Resources
    • Advisories
      • Product Advisories on RSA Link
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Hosted
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Product Advisories
    • Blogs
      • Blogs on RSA Link
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Blogs on RSA Link
    • Discussion Forums
      • Discussion Forums
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Discussion Forums on RSA Link
    • Documentation
      • Product Documentation
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Mobile SDK
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Documentation on RSA Link
    • Downloads
      • Product Downloads
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Downloads on RSA Link
    • Ideas
      • Idea Exchange
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Mobile SDK
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Documentation on RSA Link
    • Knowledge Base
      • Knowledge Base
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Mobile SDK
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Knowledge Base Pages on RSA Link
    • Upcoming Events on RSA Link
      • Upcoming Events
    • Videos
      • Videos on RSA Link
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Videos on RSA Link
  • Support
    • RSA Link Support
      • RSA Link Support
      • News & Announcements
      • Getting Started
      • Support Forum
      • Support Knowledge Base
      • Ideas & Suggestions
    • RSA Product Support
      • RSA Product Support
      • General Security Advisories and Statements
      • Product Life Cycle
      • Support Information
      •  
      •  
      •  
      •  
      •  
  • RSA Ready
  • RSA University
    • Certification Program
      • Certification Program
    • Course Catalogs
      • Course Catalogs
      • Archer®
      • RSA NetWitness® Platform
      • RSA SecurID® Suite
    • On-Demand Subscriptions
      • On-Demand Subscriptions
      • Archer®
      • RSA NetWitness® Platform
      • RSA SecurID® Suite
    • Product Training
      • Product Training
      • Archer®
      • RSA® Fraud & Risk Intelligence Suite
      • RSA® Identity Governance & Lifecycle
      • RSA NeWitness® Platform
      • RSA SecurID® Access
    • Student Resources
      • Student Resources
      • Access On-Demand Learning
      • Access Virtual Labs
      • Contact RSA University
      • Enrollments & Transcripts
      • Frequently Asked Questions
      • Getting Started
      • Learning Modalities
      • Payments & Cancellations
      • Private Training
      • Training Center Locations
      • Training Credits
      • YouTube Channel
    • Upcoming Events
      • Upcoming Events
      • Full Calendar
      • Conferences
      • Live Classroom Training
      • Live Virtual Classroom Training
      • Webinars
Sign In Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

Visit the Known Issues dashboard if you are experiencing issues on RSA Link

View Dashboard

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
  • RSA Link
  • :
  • Products
  • :
  • Other RSA Products
  • :
  • RSA enVision
  • :
  • Discussions
  • :
  • What reports are on your Dashboard?
  • Options
    • Subscribe to RSS Feed
    • Mark Topic as New
    • Mark Topic as Read
    • Float this Topic for Current User
    • Bookmark
    • Subscribe
    • Mute
    • Printer Friendly Page
RSAAdmin
RSAAdmin Beginner
Beginner
‎2009-01-20 01:17 PM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

What reports are on your Dashboard?

Besides the default reports, I have one custom report I've created.  It is called the "Alerts - Failed Windows Logons". 

 

Table:  Windows Accounting

Fields:  Count(MessageID), MessageID, UserName

 

Sort Order:  count(MessageID)  (Descending)

 

SQL where clause:  EventLog = 'Security' AND Reason NOT IN ('An unexpected error occurred during  logon') AND (MessageID IN ('Security_675_Security') OR MessageID IN ('Security_672_Security') OR MessageID IN ('Security_676_Security'))

 

==============================================

 

Please post your custom reports with specifics. 

  • Tags:
  • aid
  • as
  • at
  • coming!
  • Community Thread
  • Dashboard
  • Discussion
  • enhance
  • enVision
  • experience
  • fellas
  • forthcoming
  • Forum Thread
  • great
  • greatly
  • here
  • in
  • information
  • is
  • it
  • keep
  • look
  • product
  • releases.
  • Reports
  • rsa
  • RSA enVision
  • stuff.
  • the
  • this
0 Likes
Share
Reply
  • All forum topics
  • Previous Topic
  • Next Topic
18 Replies
RSAAdmin
RSAAdmin Beginner
Beginner
‎2009-01-20 10:31 PM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

I won't clutter the post with all the details of each dashboard item, but here's a partial list of some of our more popular ones.  If anyone is interested in details for one in particular let me know.

 

ACE Server - Failed Auths (lost expired dissabled)
ACE server - Failed Auths - Top 10
ACE Server - Failed Auths Trend - 16 HR
ACE Server - Failed Auths by Type - 16 HR
ACE Server - SecurID Tokens Dissabled -16 HR
ACE Server - Succesful Auths - Top 10
ACE Server - Succesful Auths Trend
ACE Server - Succesful Auths by Agent Host
ACE Server - Succesful Auths by type
Accounts added to admin Group
CPFW - All Top Denied IPs
CPFW - (firewall cluster name here) Top Denied Inbound IPs   <<we have one for each cluster
Failed PW Resets
IDS - Alarm Trends (All sensors)
IDS - Alarm Trends (network sensors)
IDS - Alarm Trends (server sensors)
IDS - Top 10 Alarm Destinations (network - DMZ)
IDS - Top 10 Alarm Sources (network - DMZ)
IDS - Top 10 Alarms (network sensors)
IDS - Top 10 Alarms (server sensors)
IDS - Top Threats - 1 HR
IDS - Trends 16 HR
Interactive Logins By Service Accounts
Windows Server Admin Login Distributions
Locked out Accounts
Locked out Admin Accounts
NAS - successful SSH Logins
NAS - Unsupported Operation Errors Top 20
NAS - Virus Hits - 16 HR
PW Changes by Non-Owner
Top Failed Login Accts - (Watchlist name here)  <<we have one for each watchlist
User Accounts Created
User Accounts Deleted
User Accounts Enabled
User Accounts Disabled
User Accounts Locked
User Accounts Unlocked
(departmentname)-Oncall-View-Alert-Summary  <<we have one for each team who's on-call
(departmentname)-Oncall-View-ALert-Trend  <<we have one for each team who's on-call

Open RSA Support Cases << I'm just kidding, i dont really dashbard that but wouldn't that be cool :smileywink: 

0 Likes
Share
Reply
RSAAdmin
RSAAdmin Beginner
Beginner
‎2009-01-20 11:21 PM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

A couple that I like to create for prospects to show the executive summarizing capabilities of the dashboard are:

 

Top 10 Windows Security Events (Bar Graph)

      Windows Accounting Table

      X Axis:  EventID

      Y Axis:  count(EventID)

      SQL:  MessageID LIKE 'Security%Security'

 

Top 10 Threat Summary (Tabular)

      Baseline Table

      Fields:  EventCategory, sum(TotalMsgs)

      SQL:  DeviceTypeName != 'nic' AND (EventCategory LIKE 'Recon.%' OR EventCategory LIKE 'Attacks.%' OR EventCategory LIKE 'User.Activity.%')

 **You can use whatever other categories you may consider as a threat in the SQL Where Clause for this one - this is just what I use

 

Set the time ranges to whatever period suits your needs.

0 Likes
Share
Reply
RSAAdmin
RSAAdmin Beginner
Beginner
In response to RSAAdmin
‎2009-01-21 07:30 AM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Nice!  Thank you Matt!
0 Likes
Share
Reply
RSAAdmin
RSAAdmin Beginner
Beginner
In response to RSAAdmin
‎2009-01-21 07:32 AM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

That's an impressive list!  I'll have to talk to my team and see which ones we'd like to pick your brain about.  Thanks!!
0 Likes
Share
Reply
RSAAdmin
RSAAdmin Beginner
Beginner
In response to RSAAdmin
‎2009-01-21 10:20 AM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Fellas, this is great stuff. As we here at RSA look to enhance the user experience of enVison in forthcoming releases, this information is invaluable. Keep it coming. And if you have any questions/suggestions/comments for how you would like to see enVision improved, please feel free to contact me directly at adam.winkler@rsa.com.
0 Likes
Share
Reply
RSAAdmin
RSAAdmin Beginner
Beginner
‎2009-01-23 02:25 PM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

People might already know this, but I find that a good place to get the details (or inspiration) for dashboard items is to go into Reports, and copy an existing canned report so that you can then click on modify and get the details of the table/fields and SQL clause that you need to create a similar dashboard item.

 

In a future version, could there eventually be a function to click on a button and automatically convert reports into dashboard items? (Minus the runtime parameters and the like).

 

Below is a simple dashboard item that shows exclusively account lockout events in Windows (i.e. not failed logins, but only cases where accounts have been locked out).

 

Table: Windows Accounting

 

Select Fields:

DATEFORMAT(Date/Time,'yyyy-mm-dd hh')

UserID

Workstation

 

Sort DATEFORMAT(Date/Time,'yyyy-mm-dd hh') Descending

 

SQL: EventID = '644'

 

This will show a timestamp, username of the locked account (domain/username format), and source workstation/device. 

0 Likes
Share
Reply
RSAAdmin
RSAAdmin Beginner
Beginner
In response to RSAAdmin
‎2009-01-26 08:01 AM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Thanks for adding your dashboard report j2008!  I too use the Ad Hoc reports as my base for creating Dashboard reports.  It is good practice to use Queries and Ad Hoc reports before creating the Dashboard report...mostly because it just saves time and headaches.
0 Likes
Share
Reply
RSAAdmin
RSAAdmin Beginner
Beginner
In response to RSAAdmin
‎2009-03-12 12:08 PM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

In enVision Release 4.0 there will be two new categories of reports added to the Dashboard; Incident Mangement Reports (Task Triage) and Vulnerability Reports; 15 new reports in total.

 

For details see  http://www.rsa.com/products/envision/sb/9952_ENVSO_SB_0209.pdf

 

Dan

0 Likes
Share
Reply
RSAAdmin
RSAAdmin Beginner
Beginner
In response to RSAAdmin
‎2009-03-20 08:44 AM
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

That's good to know.  I am not sure when we'll make the push to 4.0 though.  I've seen the wireframe mock ups for enVision.V and I really like those dashboards!

Message Edited by CaptainJackSparrow on03-20-200910:12 AM
0 Likes
Share
Reply
  • « Previous
    • 1
    • 2
  • Next »
  • « Previous
    • 1
    • 2
  • Next »
Powered by Khoros
  • Products
  • Resources
  • Solutions
  • RSA University
  • Support
  • RSA Labs
  • RSA Ready
  • About RSA Link
  • Terms & Conditions
  • Privacy Statement
  • Provide Feedback
© 2020 RSA Security LLC or its affiliates.
All rights reserved.