Comodo Help
Find the desired product help
Xcitium NxSIEM

Xcitium NxSIEM

Quick Start Guide 1.4

English

Print Help Download Help
Xcitium NxSIEM Quick Start Guide > Step 5 – Create Custom Dashboards For Customer Networks
  • Xcitium NxSIEM Quick Start Guide
    • Step 1 - Enroll Customers And Assign Users
    • Step 2 - Add Customer Networks For Monitoring
    • Step 3 - Configure Customer Networks To Forward Logs To NxSIEM
    • Step 4 - Generate Event Queries And View Events
    • Step 5 – Create Custom Dashboards For Customer Networks
    • Step 6 - Create Correlating Rules To Monitor Networks For Incidents
    • Step 7 - Generate Reports

Step 5 – Create Custom Dashboards for Customer Networks

 

Custom Dashboards allow you to view dynamically updated results from event queries as pie charts, bar charts, time charts and spider charts. By viewing important data from often complex queries in an easily digested chart format, you can more effectively track, monitor and analyze the activities of your customers.


To open the 'Custom Dashboards' interface, click the 'Menu' button from the top right, choose 'Investigation' and then click 'Custom Dashboards'.





The left hand side panel displays a list of custom dashboards added for the customer under respective category folders. The right hand side panel displays the custom dashboards selected from the LHS pane under respective tabs. Each dashboard can display up to four charts.


By default, The first tab displays a 'New Dashboard' tab that allows you to create a new dashboard for the selected customer.


Configuring Custom Dashboards


You can add any number of custom dashboards for a customer for different event queries. If required, you can create new queries specifically for custom dashboards and save them, from the 'Event Query' interface. Each dashboard can display up to four charts.


Each chart is constructed from the following parameters.

'Name' +'Selected Event Query' + 'Group By' + 'Aggregation Function' + 'Order By' + 'Limit'

  • Name - A name to identify the chart.
  • Selected Event Query - The query whose results are to be displayed in the chart. The query can be selected from the list of queries, added fro the selected customer.
  • Group By - The field, based on whose values, the events identified by the query are to be grouped and shown in the chart. Event groups will be formed so that each event group will have events with same value for the selected field.
  • Aggregation Function - The event groups formed based on the fields chosen in the 'Group by' option, are ranked based chosen 'Aggregation Function'. The event groups are indicated in the charts in ascending or descending order as chosen in the 'Order by' setting. The available options are:
  • Count - The event groups are ranked based on the number of events in each group. For example, if you choose Source IP as 'Field' then the group which contains the most events on a particular source IP will have the top rank and the group containing the lowest number of events is ranked lowest. You can further control how the data is displayed by modifying the 'Order By' and 'Limit' parameters.
  • Sum - The event groups are ranked based on sum of values in another field that contains numerical value. If you choose 'Sum', you need to select another field that contains a numerical value, like 'bytes in'/'bytes out'. The event groups are ranked based on the sum of the values in the chosen numerical field from all the events in that group. For example, if we choose 'Bytes-in' as numerical value, then the system adds up the values in the 'Bytes-in' field of all the events in a group and ranks the group accordingly. The event group having the sum of values in the 'Bytes-in' field as maximum is ranked top and vise-versa.
  • Average - Similar to above. Event groups are ranked based on the average of the values of the chosen numerical field from all the events in that group. (e.g. the average of values of 'Bytes_in' field of events in the group, if we take the same example as above)
  • Maximum - Similar to above. The event groups are ranked based on the maximum of the values of chosen numerical field from all the events in that group.
  • Minimum - Similar to above. The event groups are ranked based on the minimum of the values of chosen numerical field from all the events in that group.
  • Order By - You can choose the order in which the event groups are to be indicated in the chart, based on their ranking. The available options are:
  • Ascending - The group with the lowest rank will be top of the list. A limit of 5 will show the 5 groups with the lowest ranks.
  • Descending - The group with the highest rank will be top of the list.. A limit of 5 will show the 5 groups with the highest ranks.
  • Limit - The number of event groups to be displayed in the chart
For example, If you want to identify the source IPs of top 5 endpoints that are involved in large file transfers and hence consume large bandwidth resource, you can:
  • Create and save a query for identifying file transfer events
  • Construct a chart by selecting the query
  • Group the events by Source IPs
  • Aggregate the event groups by the sum of 'Bytes-out'
  • Set the chart to display top 5 groups in descending order

The screenshot below shows the resulting dashboard chart constructed with the parameters as described above:




To create a new dashboard

  • Select the customer from the 'Customers' drop-down at the top of the left hand side panel.
  • Select the appropriate folder or create a new dashboard folder under which you want to create a new dashboard. Alternatively, you can also select a folder while saving a dashboard.
  • Click the button.

A 'New Dashboard' tab will be displayed.


Tip: You can also use the 'New Dashboard' tab that is displayed as the first tab on selecting a customer, to create a new dashboard. You can save the created dashboard by selecting an appropriate folder from the left side panel.




The new dashboard contains four tiles to display four charts.

  • Click the 'Click here to add new chart' link on a tile.

The option to select the graph type to show the query results will be displayed.




The available options are:

  • Pie Chart
  • Bar Chart
  • Spider Chart
  • Time Chart
  • Click on a graph type from the options

The 'Add' screen will be displayed for configuring the results to be shown in the chart.




  • Enter a name for the chart, in te 'Name' text field
  • Choose the query whose results are to be populated in the report, from the 'Queries' list
  • Select 'Group By', 'Aggregation Function', 'Order by' and 'Limit' parameters as explained above
  • Click the 'Preview' button to check the chart before adding it to the dashboard tile



Placing the mouse cursor over a section will display the details of that particular event query.

  • Click the 'Add' button

The configured tile will be added to the dashboard.





  • Repeat the process to add more number of tiles to the dashboard as explained above.
  • Click the 'Save' button.

The 'Save' dialog will appear.




  • Enter the name for the dashboard in the 'Name' field
  • Select the period at which the event query results chart should be updated from the 'Refresh Interval' drop-down. The options range from 30 seconds to 5 minutes
  • Click the 'Save' button

The dashboard will be saved and its name will be displayed on the tab and under the folder it was saved.




You can add as many custom dashboards for various event queries configured for a customer by repeating the same process.



Our Products
  • Free Antivirus
  • Free Internet Security
  • Website Malware Removal
  • Free Anti-Malware
  • Anti-Spam (Free Trial)
  • Windows Antivirus
  • Antivirus for Windows 7
  • Antivirus for Windows 8
  • Antivirus for Windows 10
  • Antivirus for MAC
  • Antivirus for Linux
  • Free Endpoint Security
  • Free ModSecurity
  • Free RMM
  • Free Website Malware Scanner
  • Free Device Manager for Android
  • Free Demo
  • Network Security
  • Endpoint Protection
  • Antivirus for Android
  • Comodo Antivirus
  • Wordpress Security
Cheap CDN
  • Bootstrap CDN
  • Semantic UI CDN
  • Jquery CDN
  • CDN Plans
  • CDN
  • Free CDN
Enterprise
  • Patch Management Software
  • Patch Manager
  • Service Desk
  • Website Down
  • Endpoint Protection Solutions
  • Website Security Check
  • Remote Monitoring and Management
  • Website Security
  • Device Manager
  • ITSM
  • CRM
  • MSP
  • Android Device Manager
  • MDR Services
  • Ransomware Prevention
  • Managed IT Support Services
  • Free EDR
Free SSL Certificate
Support Partners Terms and Conditions Privacy Policy

© Comodo Group, Inc. 2024. All rights reserved.