5.2 Creating a Dashboard

  1. Log in to the Sentinel Web interface as a user with the Manage and View Security Intelligence Dashboards permission.

  2. On the left side of the page, click Security Intelligence > Dashboards > Create.

    The Create Dashboard page opens in a new tab.

  3. Use the following information to create the dashboard:

    Name: Specify a unique name for the dashboard.

    Classifier: Select the classifier that determines the categories displayed in the dashboard. The options are:

    • Taxonomy Outcome

    • Device Activity

    • Tag Activity

    • Http

    • Exploit

    Filter: Specify a filter to determine the scope of events displayed in the dashboard, or select a predefined filter. By default, it displays the (sev:[0 TO 5]) filter.

    To search for an event field, specify the short name of the field, a colon, and the value. For example, notnull:xdastaxname displays all events. For more information, see Section 3.0, Configuring Filters.

    Data retention period: Select how long the data for the dashboards is retained. The options are:

    • 1 week

    • 2 weeks

    • 3 weeks

    • 4 weeks

    By default, the Security Intelligence MongoDB database retains the data for 4 weeks.

  4. Click Create dashboard.

    The newly created dashboard is displayed. It is empty because it has not yet had time to collect any data.

After a few minutes, you can see the event data in the dashboard.

5.2.1 Creating a Dashboard by Using a Filter

You can use a filter search query as a dashboard filter and create a dashboard. For more information on creating a dashboard by using a filter, see Section 2.4.5, Creating a Dashboard.