* First draft
  - Create new section: Dashboards
  - Move Overview page to new topic within Dashboards
  - Create new topic for D&R dashboard

* Update collapse-side-nav-button.gif

* Apply suggestions from code review

Co-authored-by: benironside <91905639+benironside@users.noreply.github.com>
Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com>

* Additional suggestions from code review

Co-authored-by: benironside <91905639+benironside@users.noreply.github.com>

* Update docs/getting-started/security-ui.asciidoc

Co-authored-by: benironside <91905639+benironside@users.noreply.github.com>

* Apply suggestions from code review

* Update docs/dashboards/overview-dashboard.asciidoc

* Apply suggestions from Janeen's review

Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com>

Co-authored-by: benironside <91905639+benironside@users.noreply.github.com>
Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com>
Co-authored-by: Janeen Mikell-Straughn <57149392+jmikell821@users.noreply.github.com>
(cherry picked from commit 0619d16)

Co-authored-by: Joe Peeples <joe.peeples@elastic.co>
1 parent 1b44eda, commit 10da804
Showing 7 changed files with 105 additions and 31 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
[[dashboards-overview]] | ||
|
||
= Dashboards | ||
|
||
The following sections describe the {security-app}'s prebuilt dashboards, which provide visualizations of your security environment. | ||
|
||
include::overview-dashboard.asciidoc[leveloffset=+1] | ||
|
||
include::detection-response-dashboard.asciidoc[leveloffset=+1] |
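Review bot: the anchor `[[dashboards-overview]]` on the first line of this hunk is easy to confuse with the `[[overview-dashboard]]` anchor of the Overview dashboard topic that this file includes; a more distinct id such as `[[dashboards]]` would make cross-references less error-prone. Also, the two `include::` directives use bare relative paths (`overview-dashboard.asciidoc`, `detection-response-dashboard.asciidoc`), so they resolve only if both new files sit in the same directory as this one; the commit message names `docs/dashboards/overview-dashboard.asciidoc`, which is consistent, but `leveloffset=+1` assumes both included files keep their `= ...` level-0 titles, so keep the three files' title levels in step if any of them is later moved.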
@@ -0,0 +1,40 @@ | ||
[[detection-response-dashboard]] | ||
= Detection & Response dashboard | ||
|
||
The Detection & Response dashboard provides focused visibility into the day-to-day operations of your security environment. It helps security operations managers and analysts quickly monitor recent and high priority detection alerts and cases, and identify the hosts and users associated with alerts. | ||
|
||
[role="screenshot"] | ||
image::detections/images/detection-response-dashboard.png[Overview of Detection & Response dashboard] | ||
|
||
Interact with various dashboard elements: | ||
|
||
* Use the date and time picker in the upper-right to specify a time range for displaying information on the dashboard. | ||
|
||
* In sections that list alert counts, click a number to investigate those alerts in Timeline. | ||
|
||
* Click the name of a detection rule, case, host, or user to open its details page. | ||
|
||
The following sections are included: | ||
|
||
[width="100%",cols="s,"] | ||
|============================================== | ||
|
||
|Alerts | ||
|The total number of detection alerts generated within the time range, organized by status and severity. Select *View alerts* to open the Alerts page. | ||
|
||
|Cases | ||
|The total number of cases created within the time range, organized by status. Select *View cases* to open the Cases page. | ||
|
||
|Open alerts by rule | ||
|The top four detection rules with open alerts, organized by the severity and number of alerts for each rule. Select *View all open alerts* to open the Alerts page. | ||
|
||
|Recently created cases | ||
|The four most recently created cases. Select *View recent cases* to open the Cases page. | ||
|
||
|Hosts by alert severity | ||
|The hosts generating detection alerts within the time range, organized by the severity and number of alerts. Shows up to 100 hosts. | ||
|
||
|Users by alert severity | ||
|The users generating detection alerts within the time range, organized by the severity and number of alerts. Shows up to 100 users. | ||
|
||
|============================================== |
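Review bot: the screenshot path on the `image::detections/images/detection-response-dashboard.png[...]` line does not follow the `image::images/...` convention used by the sibling Overview dashboard file in this commit; unless the build sets `imagesdir`, a path relative to this file resolves to a `detections/images/` folder beside it, so confirm the image actually renders or move it under `images/` next to the other dashboard screenshots.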
@@ -0,0 +1,42 @@ | ||
[[overview-dashboard]] | ||
= Overview dashboard | ||
|
||
The Overview dashboard provides a high-level snapshot of detections, external alerts, and event trends. It helps you assess overall system health and find anomalies that may require further investigation. | ||
|
||
image::images/overview-pg.png[Overview dashboard] | ||
|
||
[discrete] | ||
== Live feed | ||
|
||
The live feed on the Overview dashboard helps you quickly access recently created cases, favorited Timelines, and the latest {elastic-sec} news. | ||
|
||
TIP: The *Security news* section provides the latest {elastic-sec} news to help you stay informed of new developments, learn about {elastic-sec} features, and more. | ||
|
||
image::images/live-feed-ov-page.png[Overview dashboard with live feed section highlighted] | ||
|
||
[discrete] | ||
== Histograms | ||
|
||
Time-based histograms show the number of detections, alerts, and events that have occurred within the selected time range. To focus on a particular time, click and drag to select a time range, or choose a preset value. The *Stack by* menu lets you select which field is used to organize the data. For example, in the Detection alert trend histogram, stack by `kibana.alert.rule.name` to display alert counts by rule name within the specified time frame. | ||
|
||
TIP: Many {elastic-sec} histograms, graphs, and tables contain an *Inspect* button so you can examine the {es} queries used to retrieve data throughout the app. | ||
|
||
[discrete] | ||
== Host and network events | ||
|
||
View event and host counts grouped by data source, such as *Auditbeat* or *{endpoint-cloud-sec}*. Expand a category to view specific counts of host or network events from the selected source. | ||
|
||
[role="screenshot"] | ||
image::images/events-count.png[Host and network events on the Overview dashboard] | ||
|
||
[discrete] | ||
== Threat Intelligence | ||
|
||
The Threat Intelligence view on the Overview dashboard provides streamlined threat intelligence data for threat detection and matching. | ||
|
||
The view shows the total number of ingested threat indicators, enabled threat intelligence sources, and ingested threat indicators per source. To visualize the ingested threat indicator data, click the *Source* link for a threat intelligence source. | ||
|
||
NOTE: For more information about connecting to threat intelligence sources, visit <<es-threat-intel-integrations, Enable threat intelligence integrations>>. | ||
|
||
[role="screenshot"] | ||
image::images/threat-intelligence-view.png[width=65%][height=65%][Threat Intelligence view on the Overview dashboard] |
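Review bot: the last line, `image::images/threat-intelligence-view.png[width=65%][height=65%][Threat Intelligence view on the Overview dashboard]`, chains three bracketed lists, but the AsciiDoc block image macro takes a single attribute list, so how the extra brackets are parsed is processor-dependent and the alt text may not land where intended. Collapse them into one list, `image::images/threat-intelligence-view.png[Threat Intelligence view on the Overview dashboard, width=65%, height=65%]`, and check the rendered output. Minor: the `image::images/overview-pg.png[Overview dashboard]` line near the top of the hunk is the only screenshot in this file without the `[role="screenshot"]` attribute that the other two images carry.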