Skip to content

Dashboards Module

CYBERQUEST Dashboards

A CYBERQUEST dashboard is a graphical representation of events (either circular or histograms) which can be accessed from Dashboards module interface when first logging in to application or by pressing Alt Image button at any time in left side, where is the quick access section of Web Interface.

Working with Dashboards module

After logging in to application, Web Interface will direct you to Dashboards module which provides a visual, real-time representation of all data that is contained in the online repository, data that is correlated and graphically designed to give you a meaningful context of the entire organization's compliance.

The module operation area is divided in two sections:

  • Search and Filter section allows you to granularly control what information is displayed in dashboards

  • Dashboards section contains the dashgroups configured for the logged in user

Search and Filter section

This section allows you to control what information is displayed in dashboards, and to define additional filters and combination methods for searched data in specified date and time interval. To see the Search and filter section, you have to Expand Filters by pressingAlt Image button and will open:

  1. Search field provides the ability to filter displayed information by using free text capabilities. If nothing is entered in field box, all events are displayed. You will find a similar search field available for Browser module. A complete guide to using free text capabilities is included in this manual: Using Searches

  2. In Search Field you have also, the autocomplete option for the default fields that are finding in events, for example:

Alt Image

  1. You can specify additional filters using Filtering options. By default, nothing is selected. When you access Additional filters drop-down list, you are presented with a large collection of pre-defined filters sorted by technology. You can select one, or multiple filters. In Filtering Options, you will also need to select the logical method for combining selected filters in Combining method drop-down list. Available options are AND and OR logical operators. Please note the operator you choose applies to all selected filters.

Alt Image

When finished, press Alt Image button to apply your selections.

Other options available in Search and Filter section:

Alt Image

  • Send to investigations option will direct your selection to Investigations module. The option opens a new web browser tab to Investigations interface. You have to expand filters by pressing Alt Image button and you are presented with Filter data window that is now populated with filtering information you already entered. Press Alt Image button to command data extraction based on your filters and display in Investigations interface.

Alt Image

  • Send to browser option will direct your selection to Browser module. The option opens a new web browser tab to Browser interface listing filtered results.

  • Send to alerts option will direct your selection to Alerts module. The option opens a new web browser tab to Alerts interface listing filtered results.

You can also choose to save your current filters selection at any time. By pressing Alt Image button you are presented with three options of making your filters selection permanent:

Alt Image

  • Save as New Dashboard option opens Save as New Dashboard window which allows you to create a new dashboard. The following must be specified:

  • A convention-based name for the new dashboard. This name will show in dashboard lists

  • A descriptive friendly name for the new dashboard. This name will be displayed in Dashboards interface

  • A descriptive text detailing the information will be presented in the new dashboard

  • The field by which graph will be built

  • Graphic type (barchart, pie, gauge etc.)

    Alt Image

  • Save as New Report option opens Save as New Report window which allows you to create a new report. You will need to add a report name and description before saving

  • Save as New Filter option opens Save as New Filter window which allows you to create a new filter. You will need to add a filter name and description before saving

  • Search and Filter section includes options for setting the date and time interval for which you need information. This feature is very helpful when you need to have a quick look on compliance over a certain period of time.

The interface allows you to set a specific start date and end date, and also provides you with quick options for date (last hour, last day, last three days, last ten days, last 30 days, last 90 days). By default, Dashboards interface displays the last hour of data. Buttons below Start Date and End Date fields allow you to quickly increase or decrease time interval, and specify time reference to be considered (GMT, Local Time, or ReceivedTime, Now, AutoRefresh, TimeInterval and Not in this time interval)

Alt Image

  • GMT - is the time reference which converts your search time into GMT(Greenwich Mean Time Zone).

  • LocalTime - is the time reference when an event occurred.

  • ReceivedTime - is the time reference when the events arrived in CYBERQUEST machine.

  • Now - self-update end data with current time.

  • AutoRefresh - refreshes the page every 10 seconds.

  • Time Interval - the search is made from Start Time to End Time interval

  • Not in this time interval - the search outputs the events that are NOT between Start Time and End Time

Dashboards section

This is the main display area for user dashboards. A logged in user will be presented with actionable dashgroups that are set for his profile. By clicking on a dashgroup, the user will be able to display dashboards that are included in that dashgroup.

Alt Image

Possible actions are:

  • Select -- By clicking on a dashgroup, the user will be able to display dashboards that are included in that dashgroup. For a selected dashgroup you get the possibly to quickly add or edit a dashboard in that dashgroup

  • Add dashgroup -- By pressing the button at the end of dashgroups row, you can quickly create a new dashgroup in your profile and then populate it with dashboards by pressing Alt Image button.

  • Export dashgroup -- This option allows you to export events from Dashgroups, over a period of time using a filter in Search Field.

To see how to export data from Dashgroup, please follow the link: How to export data from dashgroup.

  • Delete dashgroup -- Each dashgroup selector has a remove button in top-right corner, which becomes visible on mouse over action. Pressing the button permanently deletes the selected dashgroup. The action does not delete the dashboards linked to dashgroup, which can be then added again to a new dashgroup.

When clicking on a dashgroup, included dashboards are listed in Dashboards interface. For all dashboards displayed, the following actions became visible on mouse over:

  • On top-right corner of the dashboard you will find a set of quick-action buttons:

Alt Image

  • Maximize/Minimize -- Allows for expanding the dashboard to fit the entire display area, or shrinking it back to its original position

  • Export to CSV -- Saves a CSV file containing events graphically displayed in dashboard. The list of exported events matches the number set in Max. no. of items drop-down selection

  • Export Dashboard Object -- Creates an export of dashboard's definition in proprietary format

  • Graph selection -- Opens a drop-down list of graphical formats available for dashboards, allowing you to quickly change the graphical display format for that dashboard. Changing the display format here does not change the dashboard definition and the change will be reverted on the next load.

  • Edit dashboard -- Allows you to edit and permanently change the dashboard definition:

Alt Image

  • Max. no. of items option allows you to change the max number of entries that are displayed in dashboard. Since the purpose of Dashboard interface is to provide a quick glance of monitored environment in real-time, the maximum number of events that can be displayed is limited.

  • A show/hide Alt Image button allows you to either show or hide the items list from view. The number of listed items depends on Max. no. of items set for that dashboard.

You have the option to move the dashboards by pressing and holding while dragging the cursor, and also expand or shrink them as needed. To return to the default layout, click on Alt Image button.

Alt Image

Types of dashboards

Dashboards are divided into different categories. The most representative are:

  • Event related charts
  • Network related charts
  • Active Directory related charts
  • ALERTS related charts

Represent the dashboards built on events collected from various sources. Below are the most commonly used:

  • Gauge chart in reference to the top events categories

Alt Image

  • Pie chart in reference to event sources

Alt Image

  • Two-Level Pie chart in reference to event ID

Alt Image

  • The Barchart in reference to the computer that generated the event

Alt Image

  • AreaChart in reference to the proportion between logons and logoffs

Alt Image

  • LineChart about the distribution of events over a selected time interval

Alt Image

  • BrushBarChart - chart reference to top events types

Alt Image

  • RadarChart the chart shows the classification event by category

Alt Image

  • WorldMap the chart shows the events group by SrcIPGeoCountry

Alt Image

  • WorldMapCities the chart shows events by SrcIPGeocity

Alt Image

Represent the dashboards built on flow collected from NetFlow or other type of network flow sources. Below are the most commonly used:

  • Two-Level Pie chart in reference to Top IP addresses found in logs

Alt Image

  • Gauge chart in reference to internal IP addresses identified in events

Alt Image

  • BarChart in reference to external IP addresses identified in events

Alt Image

  • BrushBarChart the chart shows the Top Internal Destination IP Addresses from events

Alt Image

  • AreaChart the chart shows the Top extDestination IP Addresses from events

Alt Image

Represent the dashboards built on additional information collected from Windows Active Directory and other sources of information using a correlation between events and WMI, SNMP or other type of network flow sources. Below are the most commonly used:

  • Pie in reference to Last Change - Active Directory Events by Last Change

Alt Image

  • Two-Level Pie chart in reference to User Name

Alt Image

  • Line Chart chart in reference to Pass Never Expire

Alt Image

  • Gauge chart in reference to Active Directory events by Last Logon

Alt Image

Represent the dashboards built on alerts collected from various sources. Below are the most commonly used:

  • Barchart shows the Alerts by Computers

Alt Image

  • BrushBar Chart shows the Alerts by DataSources

Alt Image

  • TwoLevelPie Chart shows the Alerts by name

Alt Image

  • Gauge shows the Alerts by Users

Alt Image

  • WorldMap shows the Alerts by Countries

    Alt Image

  • WorldMap Cities shows the Alerts by Cities

    Alt Image

How to create a new dashboard, dashgroup and view data

A CYBERQUEST dashboard is a graphical representation of events (either circular or histograms) which can be accessed from Dashboards module interface when first logging in to application or by pressing "Dashboards" button at any time in top-left section of Web Interface.

How to create a new dashboard

Authentication

To access Web Interface, open a web browser and type the application's address or DNS name. The default address initially assigned to Web Interface is https://CyberquestIPAddress (example).

The browser automatically redirects you to CYBERQUEST's authentication page:

Alt Image

Navigate to dashboards page

Navigate to “Dashboards” page. Create a filtering rule, in which case we will filter the self-audit events using the desired filtering rule (e.g. EventID:"56789"). Save as a dashboard by clicking on “SAVE OPTIONS” > "Save as New Dashboard".

Alt Image

Complete the form

Complete the form with the appropriate information and press the "Save" button:

Alt Image

Name: The name of the new Dashboard;

Friendly Name: A descriptive friendly name for the new dashboard. This name will be displayed in Dashboards interface.

Text: A descriptive text detailing the information will be presented in the new dashboard.

Choose Field: The field after which it aggregates the dashboard;

How many records: Number of events;

Data Filter: The filter after which this dashboard is formed;

Choose Chart Type: Choose dashboard type;

How to create a new dashgroup

This is the main display area for user dashboards. A logged in user will be presented with actionable dashgroups that are set for his profile. By clicking on a dashgroup, the user will be able to display dashboards that are included in that dashgroup. Follow the this steps to create a new dashgroup:

Add dashgroup

Navigate to “Dashboards” page and press the button "ADD DASHGROUP" or the plus button Alt Image .

Complete the form

Complete the form with the appropriate information and press the "Save" button:

Dashgroup name: The name of the dashgroup;

Select dashgroup preset: You can choose from a list of already created dashgroups;

Select active dashgroup items: Select active dashgroup items from a list;

Alt Image

How to view data from a dashboard

What we created earlier can be viewed on the "Dashboards" page.

Alt Image

In this dashboard you will find a set of quick action buttons:

Maximize/Minimize -- Allows for expanding the dashboard to fit the entire display area, or shrinking it back to its original position;

Export to CSV -- Saves a CSV file containing events graphically displayed in dashboard. The list of exported events matches the number set in Max. no. of items drop-down selection;

Export Dashboard Object -- Creates an export of dashboard's definition in proprietary format;

Graph selection -- Opens a drop-down list of graphical formats available for dashboards, allowing you to quickly change the graphical display format for that dashboard. Changing the display format here does not change the dashboard definition and the change will be reverted on the next load;

Edit dashboard -- Allows you to edit and permanently change the dashboard definition;

Show items option allows you to change the max number of entries that are displayed in dashboard. Since the purpose of Dashboard interface is to provide a quick glance of monitored environment in real-time, the maximum number of events that can be displayed is limited;

A show/hide button Alt Image allows you to either show or hide the items list from view. The number of listed items depends on Max. no. of items set for that dashboard;

Alt Image

How to export data from dashgroup

When you export data from dashgroups you can download a graphical report based on aggregated events or alerts.

The data can be exported as follows:

Authentication

To access Web Interface, open a web browser and type the application's address or DNS name. The default address initially assigned to Web Interface is https://CyberquestIPAddress (example).

The browser automatically redirects you to CYBERQUEST's authentication page:

Alt Image

  • Navigate to “Dashboards” page, pressAlt Image button, and select the time interval:

Alt Image

  • Choose the dashgroup that you want to export (for example Events, Network, Alerts etc.) or create your own dashgroup.

  • Also you could export a dashgroup with filter using search and additional filters ( for specific EventID, UserName, Computer etc.).

After that, you have to press Export button:

Alt Image

Export the Dashgroup / Generate a statistics report

Start the export by pressing the "Start export" button or you can close the export by pressing the "Close" button.

Alt Image

After export is completed, press "Download file" button to save on local machine the desired information. The format of report is in PDF file.

Alt Image

The examples of downloaded a graphical dashgroups report:

Alt Image