Security Dashboards

Topics:

Dashboards Overview

Related Security Components

Associated Dashboards

DNS, Firewall, SSH, Failed Logins

Security Domain Dashboards

Oracle Database, DB2 Database, MySQL Database

Security Database Dashboards

Security Intelligence

Security Intelligence Dashboard

Security Domain Dashboards

Dashboard

Overview

DNS

Data extracted from a network’s DNS logs, providing insight into an organizations Internet traffic. Information is displayed in a variety of ways to aid in determining a baseline of normal activity, investigating trends, and identifying anomalies that may warrant deeper investigation.

Firewall

Data extracted from a network’s firewall logs. This dashboard is helpful for investigating enterprise wide trends across this family of network security products. Information about denied connection attempts, ports and protocols, source and destination IP addresses and more is collected and displayed in a variety of chart types to provide insight into this layer of an enterprise’s network security.

Host Security

Data extracted from SSH related logs, focusing on unsuccessful login attempts around three primary elements:

Actor IP - source
Destination Name - target host
Destination Account (the login is attempted with) - account name

The dashboard is split into three horizontal zones. The format of each zone is consistent, allowing the three histograms to line up displaying different aspects of the same activity on the same timeline to allow analysts to better understand the attacks they face and more easily spot suspicious activity.

Zone 1 is focused on the Actor IP, which is the address the connection attempt emanated from. That information is displayed as a histogram showing the activity trend for the time frame being viewed, a pie chart displaying the most frequently seen Actor IPs, and table showing each source IP and the number of times SSH connection attempts were seen from that IP during the time frame being analyzed.
Zone 2 is focused on the Destination IP, the network address of the system the SSH login was attempted.
Zone 3 is focused on the Destination Account, which is the account name being used in each SSH connection.

Security Database Dashboards

Dashboard

Overview

DB2 Database

Data extracted from a network’s DB2 database logs. Information about database accounts, schemas, data access and other aspects of an enterprise’s DB2 databases are displayed in a variety of chart types. Together these different aspects related to all the DB2 databases on the network provide insight into the activity surrounding an organization’s data.

MySQL Database

Data extracted from a network’s MySQL database logs. Information about database accounts, schemas, data access and other aspects of an enterprise’s MySQL databases are displayed in a variety of chart types. Together these different aspects related to all the MySQL databases on the network provide insight into the activity surrounding an organization’s data.

Oracle Database

Data extracted from a network’s Oracle database logs. Information about database accounts, schemas, data access and other aspects of an enterprise’s Oracle databases are displayed in a variety of chart types. Together these different aspects related to all the Oracle databases on the network provide insight into the activity surrounding an organization’s data.