Overview

Customers that have the relevant license can create their own Analytics Dashboards to visualise and analyse the incoming log data. This functionality is available from Snare Central v8.6.0.

...

Dashboards Actions

...

Action items on the Analytics Dashboards page allow you to:

Create a new empty Dashboard

Provide the following details in the dialog:

  • Name - dashboard name (up to 254 characters)
  • Grant full access to - select at least one of the groups the User belongs to, so that the User can access the Dashboard after its creation.
    Note: Snare Central Administrators and SuperUsers groups have full access regardless of the selection.
  • Description - optional description (up to 500 characters)
  • Search Container - container/folder to add this dashboard to.
    Note: custom dashboards cannot be placed under Built-in Dashboards.
  • Configure Layout for Dashboard - select the initial layout, for example 3 rows x 3 columns. The layout can be further customised after creation.

Click Create. The dashboard will be added in the desired location.

Add New Directory

Provide the following details in the dialog:

Name - directory name (up to 254 characters) A directory can

As of version 8.6.2, a container can be created at any hierarchical level as long as the user has Change permissions to the parent container. 
In earlier versions, a container could only be created at the root level of the Analytics Dashboards, and then had to be dragged and dropped to the desired location.

Info

A new directory is a temporary item that only exists for the duration of the session of the currently logged-in user (i.e. two hours by default), and will not be visible to other users of Snare Central. It will not become permanent, or visible to other users, until a Dashboard is added to the directory.

Import Dashboards

Import dashboard(s) from a previous export from another Snare Central.

Search dashboards and directories by name

Click x in the search window to clear the search results.

After navigating into a found directory, use the Back to Search Results link in the Reports breadcrumbs area to return to your search results.

Sort all dashboards and directories by name

Click the sort button to toggle sorting in Ascending or Descending order.

Rename, Move, Export or Delete a dashboard

by clicking the ellipsis (...) in the custom dashboard line.
These options are not available for built-in dashboards.

Rename opens a dialog that lets you change the custom dashboard’s Name and Description, and move it to another parent directory.

Export Dashboard opens a dialog that lets you generate an export file with the dashboard definitions, or send this file by email to a desired recipient (email setup needs to be configured in the Wizard).

Delete opens a confirmation dialog and, if confirmed, deletes the dashboard and its widgets. If this was the last dashboard in its container/folder, the container/folder is removed as well.

Rename, Export or Delete a directory

by clicking the ellipsis (...) in the directory line.
These options are not available for built-in dashboards.

Rename opens a dialog that lets you rename the directory.

Export Directory opens a dialog that lets you generate an export file with the definitions of all the dashboards in the directory, or send this file by email to a desired recipient (email setup needs to be configured in the Wizard).

Delete All opens a confirmation dialog and, if confirmed, deletes all the dashboards in this directory.

Info

Non-admin users with change permissions to an Analytics Dashboard owned by Administrator are able to change the dashboard content, but are not allowed to rename or delete the dashboard.

Creating Dashboard Content

After the dashboard is created with a pre-set layout, small empty layout items are placed on the canvas. These items can be resized, dragged and dropped, added or deleted.

...

Add Layout Item

...

This button at the top-right of the dashboard adds further empty layout items to the canvas.
A maximum of 50 items is allowed on one dashboard.

Resize Layout Item

An item can be resized using the mouse: press on the bottom-right corner of the layout item and drag to the desired size. The item will snap to the underlying grid.

Click the Save Layout floating button in the bottom-right corner to save layout changes.

Drag & Drop Layout Item

An item can be dragged and dropped to any place on the dashboard layout using the mouse: press on the header area of the layout item and drag it to the desired location. The item will move to the new location, and other items will move aside to make space for it.

Click the Save Layout floating button in the bottom-right corner to save layout changes.

Delete Layout Item

Click the item menu icon at the top-right corner of the item to open the Action Menu.
Select Delete Item.
In the confirmation dialog, select either Delete or Cancel.

Add Widget

...

It is time to put some content on the dashboard!

...

After selection of the Widget Type, additional fields will appear. Configure the widget as described below.
Click Add to add the widget.

Configure Bar / Line / Pie Chart

...

Bar and Line Charts plot the number of events matching the query, grouped by a certain field.
The X axis represents event time, with a granularity of 15 minutes.

...

To create a link, select this checkbox, then select existing widget(s) to link (drill down) to.

Configure Status Card

...

A Status Card displays a colour-coded counter of events matching the query.

...

Configure Threshold - the value in the status card is colour-coded according to the configured “Warning” and “Problem” thresholds:

  • red - value is equal to or exceeds the “Problem” threshold

  • orange - value is equal to or exceeds the “Warning” threshold, but is lower than the “Problem” threshold

  • green - value is under the “Warning” threshold

...

To create a link, select this checkbox, then select existing widget(s) to link (drill down) to.

Configure Table

...

The Events Table has no query of its own. Its purpose is to display log data from other widgets, based on user selection. Action items at the top of the table let you configure the visible columns and export table data to CSV.
Pagination controls are found at the bottom of the table.

...

To create a link, select this checkbox, then select existing widget(s) to link (drill down) from.

Edit Widget

Click the item menu icon at the top-right corner of the created widget to open the Action Menu.
Select Edit Widget. This will open the widget configuration dialog with options specific to the widget type, as described above. Edit the options and click the Edit button to save changes.

Delete Widget

Click the item menu icon at the top-right corner of the created widget to open the Action Menu.
Select Delete Widget. This will open the confirmation dialog and, if confirmed, will proceed with deletion of the widget, leaving an empty layout item.

Efficient Dashboards Design

Dashboards are a powerful tool for visualising incoming data in near-real time, recognising threats and issues early and acting on them. However, types and volumes of incoming logs may affect dashboard efficiency.

...

  • Configure widget’s monitored time period to be shorter, for example “Last 1 hour” instead of “Last 7 days”

  • Configure chart's Top N categories to be smaller, for example “Display top 5 systems”

  • Narrow down the search query with more precise search parameters

  • Optimise query syntax

Queries Optimization

When using event search queries, you can search for data generically or more precisely. The more precise you are, the faster the query will be. Running a query in basic mode may be fine for some searches, but others will require an advanced search to be constructed. A more precise search can be orders of magnitude faster, as it makes better use of the indexes and cached information and incurs less regex searching along the event strings to look for the target information.

...