Presentation is loading. Please wait.

Presentation is loading. Please wait.

AESA – Module 8: Using Dashboards and Data Monitors

Published byEvelyn Bishop Modified over 6 years ago

Similar presentations

Presentation on theme: "AESA – Module 8: Using Dashboards and Data Monitors"— Presentation transcript:

1 AESA – Module 8: Using Dashboards and Data Monitors
ArcSight Enterprise Security Analyst (AESA) Using Dashboards and Data Monitors ESMSA50.v3 ArcSight Confidential – Module 8 - 1

2 AESA – Module 8: Using Dashboards and Data Monitors
Module 8: Topics Dashboards Custom View Dashboards Displaying Custom View Dashboards Data Monitors Event-based Data Monitors Correlation Data Monitors Non-event Based Data Monitors Types of Event-based Data Monitors ArcSight Confidential – Module 8 - 2

3 AESA – Module 8: Using Dashboards and Data Monitors
Module 8: Objectives At the end of this module, you will be able to: Define Data Monitors and Dashboards List the functions and characteristics of Dashboards Identify Data Monitor types and their characteristics ArcSight Confidential – Module 8 - 3

4 AESA – Module 8: Using Dashboards and Data Monitors
Made up of Data Monitors and/or Query Viewers Ideal way to see event data in a variety of statistical views Can be loaded in two ways – using the Navigator panel or the Menu bar Dashboards are an ideal way to see event data in a variety of statistical views on your network, such as charts, graphs, and tables. They provide a customized view of the event data generated from various Data Sources connected to your network. Dashboards help you quickly identify problem areas and nodes and assist you in taking immediate actions on critical events. Dashboards are made up of Data Monitors and/or Query Viewers. You can customize these Data Monitors/Query Viewers to view in a variety of graphical and tabular formats. Changing Dashboard Layouts You can also customize Dashboards to suit your specific needs. You can change the layout of a Dashboard by simply dragging and dropping Data Monitors/Query Viewers into it. You can move Data Monitors within a Dashboard by clicking a Data Monitor’s Header and dragging it to another location within the Dashboard. You can also click the Layout button at the lower-right corner of the Dashboard in the Viewer panel and choose either the Tab or the Tile options to align the Data Monitors within the Dashboard. Viewing Details of Events in a Dashboard You can use the event data displayed in Data Monitors/Query Viewers for monitoring and investigation activities. To view the details of a particular event in a Dashboard, you need to: Right-click the desired event on the Data Monitor and choose Show Event Details. You can view the details of the Malicious Code Detected event in the Inspect/Edit panel. ArcSight Confidential – Module 8 - 4

5 AESA – Module 8: Using Dashboards and Data Monitors
Can be customized as needed Can be created and deleted as needed Data monitors/Query Viewers included in Dashboards can drilldown into Active Channels for further investigation ArcSight Confidential – Module 8 - 5

6 Custom View Dashboards
AESA – Module 8: Using Dashboards and Data Monitors Custom View Dashboards ESM provides a way to create custom layouts of dashboard data using a browser-based runtime environment embedded in the Console Also known as image dashboards, custom view dashboards enable you to create custom views of dashboard data, and can display data monitors over an imported image, such as a geographical map ArcSight Confidential – Module 8 - 6

7 Displaying Custom View Dashboards
AESA – Module 8: Using Dashboards and Data Monitors Displaying Custom View Dashboards Custom View Dashboards can use either ESM’s internal browser or external browsers for display ArcSight Confidential – Module 8 - 7

8 AESA – Module 8: Using Dashboards and Data Monitors
Overview Display summaries of events, Assets, and ESM status Display event data in numerous viewing layouts Can be added to Dashboards Data Monitors You can float the display of individual Data Monitors into separate windows to expand or resize individual displays. You can add one or more Data Monitors with different event information to the same Dashboard. Analysts use Data Monitors to collect event data and summarize them graphically. Some Data Monitors such as correlation Data Monitors also perform analysis. To view the data of a Data Monitor that has not been placed in a Dashboard, the system creates a temporary Dashboard. You can create permanent Dashboards that display the results of one or more Data Monitors. You can display one Data Monitor in more than one Dashboard. You can also display a single Data Monitor multiple times in one Dashboard using different layouts. Data Monitors are: Memory-intensive if it defines groups of data with multiple fields. CPU-intensive when they use many Filters or complex Filters. You can view Data Monitors in Dashboards by selecting the Data Monitors tab. ArcSight Confidential – Module 8 - 8

9 Functions of Data Monitors
AESA – Module 8: Using Dashboards and Data Monitors Functions of Data Monitors Overview Can create, edit, save, delete, enable and disable Creating a Data Monitor To create a Data Monitor, right-click a Data Monitor group and click New Data Monitor. On the Data Monitor Editor tab, select the type of Data Monitor to create and the associated properties for the Data Monitor type will appear. Editing a Data Monitor To edit a Data Monitor, right-click the Data Monitor and click Edit Data Monitor. Edit the attributes of the Data Monitor that are displayed on the Inspect/Edit panel. Alternatively, to edit a Data Monitor on the Viewer panel, right-click the Data Monitor displayed on a Dashboard. From the context menu, choose Data Monitor > Edit. You can then edit the attributes of the Data Monitor that are displayed on the Inspect/Edit panel. Deleting a Data Monitor To delete a Data Monitor, right-click the Data Monitor and click Delete Data Monitor. In the ArcSight Console message box that appears, click Delete. Enabling a Data Monitor When you enable a Data Monitor, it actively processes events and updates its display. To enable a Data Monitor from the Navigator panel, right-click the Data Monitor and click Enable Data Monitor. Alternatively, you can also enable a Data Monitor from the Inspect/Edit panel. On the Attributes tab, select the Enable Data Monitor check box. Disabling a Data Monitor When you disable a Data Monitor, it stops processing events and updating its display. To disable a Data Monitor from the Navigator panel, right-click the Data Monitor and select Disable Data Monitor. Alternatively, you can disable a Data Monitor from the Inspect/Edit panel. On the Attributes tab, clear the Enable Data Monitor check box. ArcSight Confidential – Module 8 - 9

10 Types of Event-based Data Monitors
AESA – Module 8: Using Dashboards and Data Monitors Types of Event-based Data Monitors Types of Data Monitors: Asset Category Count Event Graph Geographic Event Graph Hierarchy Map Hourly Counts Last N Events Last State Top Value Counts (Bucketized) Event-based Data Monitors evaluate events, apply Filters, and display summaries in a graphical format, which is displayed in a Dashboard. ArcSight Confidential – Module

11 Event-based Data Monitors: Asset Category Count
AESA – Module 8: Using Dashboards and Data Monitors Event-based Data Monitors: Asset Category Count Counts and displays the number of events that occur per Asset Category ArcSight Confidential – Module

12 Event-based Data Monitors: Event Graph
AESA – Module 8: Using Dashboards and Data Monitors Event-based Data Monitors: Event Graph Displays a real time diagram of selected event activity ArcSight Confidential – Module

13 Event-based Data Monitors: Geographic Event Graph
AESA – Module 8: Using Dashboards and Data Monitors Event-based Data Monitors: Geographic Event Graph Displays a real time geographic map of selected event activity ArcSight Confidential – Module

14 Event-based Data Monitors: Hierarchy Map
AESA – Module 8: Using Dashboards and Data Monitors Event-based Data Monitors: Hierarchy Map Displays an image made up of proportionally sized panels Each panel represents a group of events These events are selected by group fields that are selected in the Source Node Identifier ArcSight Confidential – Module

15 Event-based Data Monitors: Hourly Counts
AESA – Module 8: Using Dashboards and Data Monitors Event-based Data Monitors: Hourly Counts Displays total count of events on an hourly basis along with their priority ArcSight Confidential – Module

16 Event-based Data Monitors: Last N Events
AESA – Module 8: Using Dashboards and Data Monitors Event-based Data Monitors: Last N Events Displays most recent events, which are categorized by Priority, Name, Protocol, and Category ArcSight Confidential – Module

17 Event-based Data Monitors: Last State
AESA – Module 8: Using Dashboards and Data Monitors Event-based Data Monitors: Last State Displays graphics that translate complex values into simple, rapidly observable results Uses green, red, and yellow signal lights or checkmarks, exclamation symbols, and asterisks graphics as indicators ArcSight Confidential – Module

18 Event-based Data Monitors: Top Value Counts (Bucketized)
AESA – Module 8: Using Dashboards and Data Monitors Event-based Data Monitors: Top Value Counts (Bucketized) Displays events with maximum values for a selected data field Displays the total number of events and event severity ArcSight Confidential – Module

19 Types of Correlation Data Monitors
AESA – Module 8: Using Dashboards and Data Monitors Types of Correlation Data Monitors Event Correlation Event Reconciliation Moving Average Session Reconciliation Statistics Correlation Data Monitors perform special analytical functions, which are displayed on Dashboards. Correlation Data Monitors evaluate the event stream and applies Filters or other conditions. When the correlation Data Monitor finds events that match the specified conditions, it triggers a correlation event. ArcSight Confidential – Module

20 Correlation Data Monitors: Event Correlation
AESA – Module 8: Using Dashboards and Data Monitors Correlation Data Monitors: Event Correlation Provides flow volume correlation between two different event streams This helps confirm attacks reported by different systems ArcSight Confidential – Module

21 Correlation Data Monitors: Event Reconciliation
AESA – Module 8: Using Dashboards and Data Monitors Correlation Data Monitors: Event Reconciliation Correlates events between two sensors using Filters and matching fields ArcSight Confidential – Module

22 Correlation Data Monitors: Moving Average
AESA – Module 8: Using Dashboards and Data Monitors Correlation Data Monitors: Moving Average Displays moving average of events based on a selected data field ArcSight Confidential – Module

23 Correlation Data Monitors: Session Reconciliation
AESA – Module 8: Using Dashboards and Data Monitors Correlation Data Monitors: Session Reconciliation Correlates events based on their occurrence within a relevant time period Typically used to watch network devices involving long term concerns ArcSight Confidential – Module

24 Correlation Data Monitors: Statistics
AESA – Module 8: Using Dashboards and Data Monitors Correlation Data Monitors: Statistics Enables you to select other statistical methods in addition to moving average. Other statistical methods available: Average Standard deviation Skew Kurtosis ArcSight Confidential – Module

25 Types of Non-event Based Data Monitors
AESA – Module 8: Using Dashboards and Data Monitors Types of Non-event Based Data Monitors System Monitor –Displays measurements based on ESM Manager’s internal systems, Java classes, and attributes System Monitor Attribute – Displays specific attributes of a given internal ArcSight Java class Rules Partial Match – Displays Rules that have partial matches and the total number of partially matched events within a specified time frame Non-event based Data Monitors evaluate internal statistics, such as memory and CPU usage, of ESM Resources. These Data Monitors are useful to Administrators to view the instrumentation monitoring the ESM system. ArcSight Confidential – Module

26 Non-event Based Data Monitors: System Monitor
AESA – Module 8: Using Dashboards and Data Monitors Non-event Based Data Monitors: System Monitor Displays measurements based on ESM Manager’s internal systems, Java classes, and attributes ArcSight Confidential – Module

27 Non-event Based Data Monitors: System Monitor Attribute
AESA – Module 8: Using Dashboards and Data Monitors Non-event Based Data Monitors: System Monitor Attribute Displays specific attributes of a given internal ArcSight Java class ArcSight Confidential – Module

28 Non-event Based Data Monitors: Rules Partial Match
AESA – Module 8: Using Dashboards and Data Monitors Non-event Based Data Monitors: Rules Partial Match Displays Rules that have partial matches and the total number of partially matched events within a specified time frame ArcSight Confidential – Module

Download ppt "AESA – Module 8: Using Dashboards and Data Monitors"

Similar presentations

Working with Tables for Page Design – Lesson 41 Working with Tables for Page Design Lesson 4.

Working with Tables for Page Design – Lesson 41 Working with Tables for Page Design Lesson 4.
Module 2 Navigation.     Homepage Homepage  Navigation pane that holds the Applications and Modules  Click the double down arrow on the right of.

Module 2 Navigation.     Homepage Homepage  Navigation pane that holds the Applications and Modules  Click the double down arrow on the right of.
UT-Space Manager. Define Rooms The Define Rooms task is used to manage your room data. 1.On the Process Navigator, click on the Space Inventory & Performance.

UT-Space Manager. Define Rooms The Define Rooms task is used to manage your room data. 1.On the Process Navigator, click on the Space Inventory & Performance.
Guide to Oracle10G1 Introduction To Forms Builder Chapter 5.

Guide to Oracle10G1 Introduction To Forms Builder Chapter 5.
Creating Custom Forms. 2 Design and create a custom form You can create a custom form by modifying an existing form or creating a new form. Either way,

Creating Custom Forms. 2 Design and create a custom form You can create a custom form by modifying an existing form or creating a new form. Either way,
A Guide to Oracle9i1 Introduction To Forms Builder Chapter 5.

A Guide to Oracle9i1 Introduction To Forms Builder Chapter 5.
Chapter 11 - Monitoring Server Performance1 Ch. 11 – Monitoring Server Performance MIS 431 – created Spring 2006.

Chapter 11 - Monitoring Server Performance1 Ch. 11 – Monitoring Server Performance MIS 431 – created Spring 2006.
Introduction To Form Builder

Introduction To Form Builder
Tutorial 5: Working with Excel Tables, PivotTables, and PivotCharts

Tutorial 5: Working with Excel Tables, PivotTables, and PivotCharts
Introduction to Access By Mary Ann Chaney and Alicia Harkleroad.

Introduction to Access By Mary Ann Chaney and Alicia Harkleroad.
Copyright © 2007, Oracle. All rights reserved. Managing Concurrent Requests.

Copyright © 2007, Oracle. All rights reserved. Managing Concurrent Requests.
Module 10: Monitoring ISA Server 2004. Overview Monitoring Overview Configuring Alerts Configuring Session Monitoring Configuring Logging Configuring.

Module 10: Monitoring ISA Server Overview Monitoring Overview Configuring Alerts Configuring Session Monitoring Configuring Logging Configuring.
Teacher’s Assessment Assistant Worksheet Builder Starting the Program

Teacher’s Assessment Assistant Worksheet Builder Starting the Program
Debugging. 2 © 2003, Espirity Inc. Module Road Map 1.Eclipse Debugging  Debug Perspective  Debug Session  Breakpoint  Debug Views  Breakpoint Types.

Debugging. 2 © 2003, Espirity Inc. Module Road Map 1.Eclipse Debugging  Debug Perspective  Debug Session  Breakpoint  Debug Views  Breakpoint Types.
FIX Eye FIX Eye Getting started: The guide EPAM Systems B2BITS.

FIX Eye FIX Eye Getting started: The guide EPAM Systems B2BITS.
Course ILT Forms and queries Unit objectives Create forms by using AutoForm and the Form Wizard, and add or modify form headers and footers Open and enter.

Course ILT Forms and queries Unit objectives Create forms by using AutoForm and the Form Wizard, and add or modify form headers and footers Open and enter.
XP. Objectives Sort data and filter data Summarize an Excel table Insert subtotals into a range of data Outline buttons to show or hide details Create.

XP. Objectives Sort data and filter data Summarize an Excel table Insert subtotals into a range of data Outline buttons to show or hide details Create.
Design Verification Code and Toggle Coverage Course 7.

Design Verification Code and Toggle Coverage Course 7.
Graphical Enablement In this presentation… –What is graphical enablement? –Introduction to newlook dialogs and tools used to graphical enable System i.

Graphical Enablement In this presentation… –What is graphical enablement? –Introduction to newlook dialogs and tools used to graphical enable System i.
LANDESK SOFTWARE CONFIDENTIAL Tips and Tricks with Filters Jenny Lardh.

LANDESK SOFTWARE CONFIDENTIAL Tips and Tricks with Filters Jenny Lardh.

Similar presentations

Ads by Google