Dashboards Module

CYBERQUEST Dashboards

A CYBERQUEST dashboard is a graphical representation of events (either circular or histograms) which can be accessed from Dashboards module interface when first logging in to application or by pressing button at any time in left side, where is the quick access section of Web Interface.

Working with Dashboards module

After logging into the application, the Web Interface directs users to the Dashboards module, which offers a visual, real-time representation of all data contained in the online repository. This data is correlated and graphically presented to provide meaningful context regarding the organization’s overall compliance.

The module operation area is divided in two sections:

• Search and Filter section allows you to granularly control what information is displayed in dashboards

• Dashboards section contains the dashgroups configured for the logged-in user

Search and Filter section

This section provides control over the information displayed in dashboards and allows defining additional filters and combination methods for searched data within a specified date and time interval. To access the Search and Filter section, expand Filters by pressing the button, and will open:

1)The Search field provides filtering of displayed information using free text input. If the field is left empty, all events are shown. A similar search field is available in the Browser module. A complete guide to using free text search capabilities is provided in this manual: Using Searches

• The Search Field also includes an autocomplete feature for default fields found in events, for example:

2) Additional filters can be specified using Filtering options. By default, no filters are selected. Accessing the Additional filters drop-down list presents a large collection of predefined filters sorted by technology, allowing selection of one or multiple filters. In Filtering options, the logical method for combining selected filters must be chosen from the Combining method drop-down list. Available options include the AND and OR logical operators. Note that the chosen operator applies to all selected filters.

When finished, press button to apply the selections.

Other options available in Search and Filter section:

• The Send to Browser option directs the selection to the Browser module. This option opens a new web browser tab displaying the Browser interface with the filtered results.

• The Send to Alerts option directs the selection to the Alerts module. This option opens a new web browser tab displaying the Alerts interface with the filtered results.

The current filter selection can be saved at any time. Pressing the button presents three options for making the filter selection permanent:

• The Save as New Dashboard option opens the Save as New Dashboard window, enabling the creation of a new dashboard. The following details must be specified:

  • A convention-based name for the dashboard, which will appear in dashboard lists

  • A descriptive, user-friendly name, displayed in the Dashboards interface

  • A description outlining the type of information presented in the dashboard

  • The field used for graph generation

  • How many records to display in the chart

  • A Data Filter that defines the search conditions to be applied for generating the dashboard content

  • Graphic type (barchart, pie, gauge etc.)

• The Save as New Report option opens the Save as New Report window, allowing the creation of a new report. A report name and description must be provided before the configuration can be saved.

• The Save as New Filter option opens the Save as New Filter window, enabling the creation of a new filter. A filter name and description must be specified before saving the configuration.

3)The Search and Filter section includes options for setting the date and time interval to define the time range of the displayed information. This feature provides a quick overview of compliance data over a specified period.

The interface provides options to define a specific start and end date, along with predefined date ranges (e.g., last hour, last day, last three days, last ten days, last 30 days, last 90 days). By default, the Dashboards interface displays data from the last hour. Additional controls beneath the Start Date and End Date fields allow for quick adjustment of the time interval and selection of the time reference to be used, including GMT, Local Time, ReceivedTime, Now, AutoRefresh, TimeInterval, and Not in this time interval.

• GMT - is the time reference which converts your search time into GMT(Greenwich Mean Time Zone).

• LocalTime - is the time reference when an event occurred.

• ReceivedTime - is the time reference when the events arrived in CYBERQUEST machine.

• Now - self-update end data with current time.

• AutoRefresh - refreshes the page every 10 seconds.

• Time Interval - the search is made from Start Time to End Time interval

• Not in this time interval - the search outputs the events that are NOT between Start Time and End Time

Dashboards section

This is the main display area for user dashboards. A logged in user will be presented with actionable dashgroups that are set for his profile. By clicking on a dashgroup, the user will be able to display dashboards that are included in that dashgroup.

Possible actions are:

• Select -- Clicking on a dashgroup displays the dashboards included in that group. For the selected dashgroup, there is the option to quickly add or edit dashboards within it.

• Add dashgroup -- Pressing the button at the end of the dashgroups row allows quick creation of a new dashgroup under the current profile. Dashboards can then be added to the dashgroup using the button.

• Export dashgroup -- Enables the export of events from Dashgroups based on a specified time period and filtered through the Search Field.

For detailed instructions on exporting data from a Dashgroup, refer to the following link: How to export data from dashgroup.

• Delete dashgroup -- Each dashgroup selector includes a remove button in the top-right corner, visible on mouse hover. Selecting this button permanently deletes the dashgroup. Dashboards linked to the deleted dashgroup are not removed and can be reassigned to another dashgroup as needed.

When a dashgroup is selected, its associated dashboards are displayed in the Dashboards interface. For each listed dashboard, available actions become visible on mouse hover:

• A set of quick-action buttons is available in the top-right corner of the dashboard:

• Maximize/Minimize -- Expands the dashboard to fill the entire display area or returns it to its original size.

• Export to CSV -- Generates a CSV file containing the events displayed in the dashboard.

• Export Dashboard Object -- Export the dashboard’s definition in a proprietary format.

• Graph selection -- Opens a drop-down list of available graphical formats for dashboards, enabling quick changes to the display format of the dashboard. These changes do not affect the dashboard definition and will revert upon the next load.

• Edit dashboard -- Enables editing and permanent modification of the dashboard definition:

• Show option modifies the maximum number of entries displayed in the dashboard.

Since the purpose of the Dashboard interface is to provide a real-time overview of the monitored environment, the number of events displayed is limited.

Dashboards can be repositioned by pressing and holding while dragging the cursor. They can also be expanded or resized as needed. To restore the default layout, click the button from the top-right corner of interface.

Types of dashboards

Dashboards are organized into different categories. The most representative are:

• Event related charts
• Network related charts
• Active Directory related charts
• ALERTS related charts

Event related charts

Represent the dashboards built on events collected from various sources. Below are the most commonly used:

• Gauge chart in reference to the top events categories

• Pie chart in reference to event sources

• Two-Level Pie chart in reference to event ID

• The Barchart in reference to the computer that generated the event

• AreaChart in reference to the proportion between logons and logoffs

• LineChart about the distribution of events over a selected time interval

• BrushBarChart - chart reference to top events types

• RadarChart the chart shows the classification event by category

• WorldMap the chart shows the events group by SrcIPGeoCountry

• WorldMapCities the chart shows events by SrcIPGeocity

Network related charts

Represent the dashboards built on flow collected from NetFlow or other type of network flow sources. Below are the most commonly used:

• Two-Level Pie chart in reference to Top IP addresses found in logs

• Gauge chart in reference to internal IP addresses identified in events

• BarChart in reference to external IP addresses identified in events

• BrushBarChart the chart shows the Top Internal Destination IP Addresses from events

• AreaChart the chart shows the Top extDestination IP Addresses from events

Active Directory (or other) related charts

Represent the dashboards built on additional information collected from Windows Active Directory and other sources of information using a correlation between events and WMI, SNMP or other type of network flow sources. Below are the most commonly used:

• Pie in reference to Last Change - Active Directory Events by Last Change

• Two-Level Pie chart in reference to User Name

• Line Chart chart in reference to Pass Never Expire

• Gauge chart in reference to Active Directory events by Last Logon

Alerts related charts

Represent the dashboards built on alerts collected from various sources. Below are the most commonly used:

• Barchart shows the Alerts by Computers

• BrushBar Chart shows the Alerts by DataSources

• TwoLevelPie Chart shows the Alerts by name

• Gauge shows the Alerts by Users

• WorldMap shows the Alerts by Countries

  

• WorldMap Cities shows the Alerts by Cities

  

How to create a new dashboard, dashgroup and view data

A CYBERQUEST dashboard is a graphical representation of events (displayed as circular charts or histograms) that can be accessed through the Dashboards module upon logging into the application, or at any time by clicking the "Dashboards" button in the top-left section of the Web Interface.

How to create a new dashboard

Authentication

To access Web Interface, open a web browser and type the application's address or DNS name. The default address initially assigned to Web Interface is https://CyberquestIPAddress (example).

The browser automatically redirects you to CYBERQUEST's authentication page:

Navigate to dashboards page

Navigate to the “Dashboards” page. Create a filtering rule—for example, filter self-audit events using EventID:"56789". Then save the configuration as a dashboard by clicking SAVE OPTIONS > Save as New Dashboard.

Complete the form

Complete the form with the appropriate information and press the "Save" button:

Name: The name of the new Dashboard;

Friendly Name: A descriptive, user-friendly name for the new dashboard. This name will be displayed in the Dashboards interface.

Text: A descriptive text detailing the information presented in the new dashboard.

Choose Field: The field used to aggregate data within the dashboard.

How many records: The number of events to include.

Data Filter: The filter criteria used to generate the dashboard.

Choose Chart Type: The type of chart to represent the dashboard data.

How to create a new dashgroup

This is the main display area for user dashboards. Upon logging in, the user is presented with actionable dashgroups configured for their profile. By clicking on a dashgroup, the user can view the dashboards it contains.

Follow these steps to create a new dashgroup:

Add dashgroup

Navigate to the “Dashboards” page and click the "ADD DASHGROUP" button or the plus button .

Complete the form

Fill in the form with the appropriate information, then click the Save button.

Dashgroup name: The name assigned to the new dashgroup;

Select dashgroup preset: Choose from a list of existing dashgroup presets.

Select active dashgroup items: Select the items to be included in the active dashgroup from the list.

How to view data from a dashboard

The previously created item can be viewed on the "Dashboards" page.

This dashboard includes a set of quick action buttons:

Maximize/Minimize - Expands the dashboard to fill the entire display area or shrinks it back to its original size.

Export to CSV - Saves a CSV file containing all events displayed in the dashboard.

Export Dashboard Object - Exports the dashboard’s definition in a proprietary format.

Graph selection - Opens a drop-down menu of available graphical formats for the dashboard, allowing quick changes to the display type. Note that changing the format here does not modify the dashboard definition, the change will revert upon the next load.

Edit dashboard - Enables editing and permanent modification of the dashboard’s definition.

Show items - Allows adjustment of the maximum number of entries displayed in the dashboard. Since the dashboard provides a real-time overview, the number of displayed events is limited to ensure quick performance.

How to export data from dashgroup

When exporting data from dashgroups, you can download a graphical report based on aggregated events or alerts.

The data export options include:

Authentication

To access Web Interface, open a web browser and type the application's address or DNS name. The default address initially assigned to Web Interface is https://CyberquestIPAddress (example).

The browser automatically redirects you to CYBERQUEST's authentication page:

Navigate to Dashboards

• Navigate to the “Dashboards” page, click the button, and select a time interval:

• Select the dashgroup to export (e.g., Events, Network, Alerts) or create a custom dashgroup.

• Export a dashgroup with applied filters using search and additional criteria like specific EventID, UserName, Computer, etc.

Next, press the Export button:

Export the Dashgroup / Generate a statistics report

Start the export by clicking the "Start export" button, or cancel the operation by clicking the Close button.

After the export is complete, click the Download file button to save the report to the local machine. The report is in PDF format.

Examples of downloaded graphical dashgroup reports: