
How to create an on-demand dashboard

Data filtering and ordering

For interactive investigations, filter, sort, and aggregate results directly within the interface. On-demand filter creation is supported, with field auto-completion for faster and more accurate queries.

Filter builder

Once the filters are configured, either manually or by adding further filters interactively through the GUI, the data can be sorted by the selected fields in ascending or descending order.

The available sort fields are:

Browser module:

  • LocalTime - The timestamp indicating when the event occurred on the local system. Useful for chronological sorting or identifying time-based patterns.
  • SecurityScore - A numeric score representing the assessed security impact or severity of the event. Higher values typically indicate higher risk.
  • SecurityLevel - A classification of the event’s security importance (e.g., Low, Medium, High). Helps prioritize which events may require immediate attention.
  • Computer - The hostname or identifier of the computer associated with the event. Useful for grouping or comparing events across multiple systems.
  • EventID - A unique identifier assigned to the type of event, typically defining what action or condition triggered the log entry.
  • SrcIP - The source IP address associated with the event, indicating the system or endpoint that initiated it.
  • EventLog - The name or type of the event log where the entry was recorded (e.g., Application, System, Security).
  • Category - A classification that indicates the event’s type.
  • _event.Category - A more specific or internal categorization imported directly from the underlying event data structure. Useful when the base Category field is too general.
  • RiskAssessment - An evaluation of the potential threat level of the event, based on contextual analysis or predefined security criteria.

Order by options

Alerts module:

  • GeneratedTime - The timestamp when the alert was created. Useful for tracking when issues were first detected.
  • AlertSecurityScore - A numeric score representing the severity or potential impact of the alert. Higher values indicate higher risk.
  • AlertSecurityLevel - A classification of the alert’s importance (e.g., Low, Medium, High). Helps prioritize which alerts require immediate attention.
  • AlertName - The descriptive name of the alert, indicating the type of issue or event detected.
  • Status - The current state of the alert, for example, New, Acknowledged, or False positive. Useful for monitoring workflow and follow-up actions.
  • AlertAssignee - The person or team responsible for handling or investigating the alert. Useful for accountability and tracking resolution.

Alerts order options

On-demand data aggregation

CYBERQUEST enables quick aggregation of the current results into a dashboard. Simply drag a column header onto the chart icon to create visual summaries instantly.

Drag-and-drop aggregation