About the Security dashboard

The Security dashboard displays a summary of your organization's events, findings, users, and endpoints. 

Note: It can take a minute for all of the data to load, depending on how large the dataset is. Charts do not display if there is no relevant data in the time range. You can adjust the time range at the top of the dashboard to filter the information shown in the dashboard.

The Security dashboard includes the following charts:

Chart Description
State of Security Overview

A funnel chart that includes the total counts for:

  • Logged events
  • Blocked events
  • Findings
  • Threats and suspects

Top Threat Types

The top threat types ("vuln_name") seen in log events (unit: log events).

Top Blocked Threats

The top threat types ("vuln_name") seen in log events, where the device action was a block (unit: log events).

Top Allowed Targets

The top threat targets ("dst_ip") seen in log events that had a detected "vuln_name" and were allowed (not blocked) by a device (unit: log events).

Top Allowed Threat Sources

The top threat sources ("src_ip") seen in log events that had a detected "vuln_name" and were allowed (not blocked) by a device (unit: log events).

Top Threat Types Against Endpoints

The top threat types ("vuln_name") seen in log events, where the log type was for an endpoint AV system (unit: AV log events).

Top Endpoint Threat Targets

The top threat targets ("user" or "client_ip") seen in log events, where the log type was for an endpoint AV system (unit: AV log events).

Top Endpoint Events by Severity

The top endpoint AV log events (where "endpoint" here is a "user" or "client_ip"), by severity (unit: AV log events).

Top Failed Login Users

The top Windows users with failed logins (unit: failed login events).

Summary data: Top Devices by Log Counts

The top devices (with address/name and last time seen within query period), according to count of successfully parsed log events (unit: log events).

Top Endpoints by Log Count

The top Windows and Unix/Linux devices sending logs, by log count volume sent (unit: log count).

Top Endpoints by Data Generated (logarithmic scale)

The top Windows and Unix/Linux devices sending logs, by estimated total event log bytes generated (unit: log bytes).

Total Accepted Ingress Traffic by Source Country (logarithmic scale)

The top source countries by total logged public IP traffic (unit: bytes).

Total Accepted Egress Traffic by Destination Country (logarithmic scale)

The top destination countries by total logged public IP traffic (unit: bytes).