Single Pane of Glass Dashboard

hatface

Good morning AV Community,

As a 1 man IT team for a small company it was important to me when looking for a security solution to find something that could act as a single pane of glass into my network's security.  To that end I have been trying to build out a dashboard that I can have going on a monitor on my wall that would keep me fairly up to date and let me know when further analysis is required.  

Here is an example of what I've been working on.  Anyone else care to share what custom dashboards they have been creating?  Sanitized submissions only of course.

dashboard preview

Comments

  • We opted to use the alarms page as our dashboard.  We dismiss alarms when done so we know that when we see any "bubbles" we may need to take action.  
  • I use the alarms page as my go-to page.  As the alarms are addressed, they are closed, so it is easy to know what is out there to be looked at.
  • As stated above, we monitor the alarms first and foremost, but we also monitor our vulnerabilities. We are continually working to improve our security posture and the vulnerabilities dashboard helps us stay on top.
  • I have not tried customizing the dashboard yet. I will now! I focus mainly on the alarms and OTX activity.
  • @Maske @Laurie,

    So, using the Alarms page as your dashboard, what do you do with it to keep it up and visible?  Are you simply opening the browser to it and throwing it on another monitor that is constantly up?

    I was thinking of just throwing a Raspberry Pi up connected to the back of a wall mounted monitor that keeps the dashboard page up on it at all times. 

    Currently what you can do with the Dashboard page is somewhat limited, but I see a lot of potential in it.  I think it would be rather neat to be able to put up a dashboard widget with the Alarm info in it.  I'm seeing 1 graph type widget for alarms, and I see the real time widget for events.  I'd like to see a real time alarm widget, something that we can expand out to 2 or 3 widget panels in any direction so we could get a nice glimpse into what we are seeing in the alarms section of AV.

  • So, what I'd like to see is an Alarms widget that can be used to create a dashboard similar to this mock-up using the Real Time Events widget as a placeholder:

    db
  • I have not customized the dashboard yet.  The default one is ok for now.
  • I haven't had the opportunity to customize a dashboard yet.  The default dashboards have worked very well so far.  However, I am planning to add a few in the future just to play around with...maybe I'll be able to build something good!
  • My dashboard allows me a quick overview of the status of the device.  I glance at it so I can deep dive into the troubled areas.
  • Like some others, the Alarms page is my go-to page for information. I actually have a dedicated monitor specifically for that purpose.
  • My Basic Landing Page: Capture
  • I did some customization, but I love the idea of more alarm widgets since that is where I spend the majority of my time.

    alienvault dashboard
  • We haven't changed the default dashboard but yeah, alarm page as the landing page seems like a good idea.
  • Here is how I have my custom dashboard set up. All widgets will refresh every 90 seconds.

    • There is an RSS feed from Krebs on Security
      • This allows me to keep an eye on anything major happening
    • 2 netflows; TCP & UDP
      • This allows me to keep track of any major changes in the environment
    • Top Hosts that have multiple events
      • That way I can check if a host is being abnormal
    • A report showing all firewall events for the week
      • That way I can tell if there is a big jump in the number of things hitting the firewall

    Dashboard
  • Nice stuff, I hadn't thought of the RSS feed on the front @cactur but I see the logic behind it.  

    I also haven't played with the reports on the dashboard.  I like your firewall report, something I may have to look into myself.
  • We have not customized the dashboard yet.
  • We do dashboards by user so each can get an overview of what they are required to look after.
    Here is one such example.  Ours is a work in progress as we assign certain roles to certain users.

    AVdashboard
  • I'm an admin of several products so I like the dashboard to be a solid reminder of everything I need to concern myself with. In this case, several news feeds to remind myself to catch up, and Bloom's taxonomy in the upper corner to remind myself to slow down and process the data I'm reading.



    DashBoard
  • @alien_Chris Nice!  I like the netflow data included on the front page and your choice to include general IT news in an RSS feed.  Does it seem like it's sort of a pain to scroll around inside of the widgets to get the full picture or are you using the feeds more as a link to somewhere else to actually ingest the data yourself?

    @giffobv I like what you have there.  Unfortunately I'm alone here so no other people to hand roles to, so I need a comprehensive at-a-glance that sparks my thought to look further elsewhere.  I like the reports you integrated into yours.  Do you find that generally a 2 column dashboard works well for you?  I think I would prefer to have a 3 or 4 column dashboard personally, but then the Live Events SIEM Events widget becomes extremely hard to keep up with.

    That reminds me, I did start a thread on the Feature Request forum to be able to adjust the width of the widgets.  It would be nice to have a 4 column dashboard and be able to keep up Alarms and SIEM Events at the top taking up 3 columns each, then having additional widgets to the sides and below them that can take up 1 column.  If you believe this would be helpful for you too, or even don't care but figured you would show me a little support, go over and comment on that thread.  The more people who make noise about this, the more likely DEVs are to take this into consideration.

    Thanks!  

     
  • Two column can be a pain for a lot of the widgets and having to scroll left and right and up and down.  I wish they could just be sizable to any size or at least snap to certain grids of 2 col / 4 col / etc.  It would be nice to be able to mix sizes of widgets on the same dashboard.  Glad you put in that feature request.  Drop the URL here and I will go out and second that request.  I do like the RSS feed idea also.
  • @hatface  I like the idea of a Raspberry Pi for an always on monitoring station to use in our Data Center.  Never thought of that.  Sounds like a great idea. 
  • Not used for the customization, but will work on it.
  • It's a super thing that you create a custom dashboard so you get everything as per need on a single pane.