You can visualize events indexed in scalable storage through an interactive dashboard. SSDM leverages Kibana, a browser-based analytics and search dashboard, that helps you to search and visualize events.
To visualize events indexed in scalable storage:
Log in to the Sentinel Scalable Data Manager (SSDM) web interface.
In the Visualize Events section, select the dashboard you want to view, and click View Dashboard.
SSDM launches the Events Visualization dashboard that displays an overview of events in your enterprise for the selected time range (by default 1 week). You can visualize various aspects of events, such as:
Event timeline with threat reputation scores
Top 5 Taxonomies and top 5 events
Vulnerability information and threat types
Geographical origin of the events
Top 5 initiator and target user names and their departments
Associated risks
Associated user activities
You can modify or create new visualizations and dashboards with the data you want to visualize. For information about creating visualizations and dashboards, see Visualize and Dashboard in Kibana documentation.
NOTE:If the network latency between SSDM and Elasticsearch nodes is high, the event visualization interface may not launch due to a time-out error. To avoid this issue, increase the time-out period in Kibana. For more information, see Event Visualization Interface May Not Launch Due to Time-Out Error in the Troubleshooting section of the NetIQ Sentinel Administration Guide.