The Dashboard provides a quick overview of the overall health of your BloxOne services. It displays a few widgets that give you snapshots of the high-level traffic within your network infrastructure, the RPZ hits per policy, and the top malicious categories. Widgets are the building blocks of your Dashboard, and you can add or remove them to customize a Dashboard that is most suitable for your organization or business.

Adding or Removing Dashboard Widgets

To add or remove a widget, complete the following:

  1. From the Cloud Services Portal, click Dashboard.
  2. To add widgets, click +Widgets at the top right-hand corner of the Dashboard. In the right-hand panel, click the + sign next to the widget to add it to the Dashboard. Available widgets include the following:
    • Security tab:
      • BloxOne Endpoints by Threat Hits: Displays a rollup summary of the total number of all unique endpoints on your network. Each unique threat is further broken down by severity: High, Medium, or Low.
      • Communications Threat Class and Remote Target: Displays the top 10 types of malware communications and the top target destinations for malware in your network.
      • Configuration and Endpoints: Displays details about your installation, which includes DNS servers, detected endpoints, mobile clients, and more.
      • Devices by Type: Displays the types of endpoint devices on your network.
      • Devices by Threat Hits: Displays the total number of all unique devices. Each unique device is further broken down by severity: High, Medium, or Low.
      • Enhancements Rollup Summary: Displays a summary of web and enterprise activity seen across your organization, along with threats allowed without a policy block. The Rollup summary includes total DNS activity, security activity, action taken (blocked, redirected, allowed/logged), and high severity events not blocked. Your organization should strive to see zero allowed threats on the Enhancements Rollup Summary widget. 
      • High Severity by Threat Feed/Custom List Not Blocked: Displays a pie chart and a list of top feeds/custom lists where severity is High. This widget correlates “high” threats to the threat feed or custom list that contained the indicator, and ended up with a block of the threat (feed effectiveness). This data is highly dependent on the order of rules used within the blocking policy.
      • Malicious Requests: Displays a bar chart with the numbers of High, Medium, and Low severity incidents occurring on your network.
      • Threat Property: Displays the threat properties for the top attackers on your network. 
      • Top Attackers: Displays the top attackers impacting your organization. Clicking on a data point on the widget will redirect you to Dossier for additional information.
      • Top Blocked Web Destinations: Displays the most popular web destinations as requested by your organization that are blocked based on your organization’s web content policies. Clicking on a data point on the widget will redirect you to Dossier for additional information.
      • Top Detected Properties: Displays the top detected properties within your organization. Clicking on a data point on the widget will redirect you to the Security-Activity report for additional information.
      • Top Detected Threats: Displays the top detected threats impacting your organization.
      • Top Devices by Total DNS Activity: Displays system endpoints ranked by the amount of DNS query activities. Clicking on a data point on the widget will redirect you to the Security-Activity report for additional information.
      • Top Malware: Displays the top malware types impacting your organization.
      • Top Ten High Severity BloxOne Endpoints: Displays the device name and user name with the total number of hits for each device name. Clicking on a data point on the widget will redirect you to the Security-Activity report for additional information.
      • Top Ten High Severity BloxOne Endpoints Not Blocked: Displays the device name and user name with the total number of hits for the device where policy action is logged. Clicking on a data point on the widget will redirect you to the Security-Activity report for additional information.
      • Top Ten High Severity Devices: Displays the top ten devices triggering security events that are rated “high” in severity. This is often referred to as the “troublemaker list.” The Top 10 High Security Devices list will show the device name when available and fall back to display the device IP address when the device name is unavailable.
      • Top Threat Classes within Organization: Displays the top threat classes impacting your organization. 
      • Top Threat Feeds: Displays the threat intelligence feeds enabled in your security policies that contain the highest number of hits in your organization. 
      • Top Web Destinations: Displays the most popular web destinations as requested by your organization. Clicking on a data point on the widget will redirect you to Dossier for additional information.
      • Total DNS Activity: Displays the total count of DNS activity within your organization.
      • Unique Security Events: This widget displays the number of all unique security events (IOCs) on your network. Each unique security event is further broken down by severity: High, Medium, or Low.
    • DDI tab:
      • DNS Status: Displays the number of DNS servers that are running and available for processing requests.  
      • DNS Responses: Displays the DNS responses based on the time period selected. This widget also displays percentage DNS responses for Success, Failure, Referral, NXRRSET, and NXDomain.
      • DNS Queries per second: A cumulative total of all DNS queries per second, averaged over all available hosts for an account.
      • DHCP Status: Displays the number of DHCP servers that are running and available for processing requests.  
      • DHCP Leases per Second: Displays the leases per second based on the time period selected. 
  3. To drag or resize a widget, click the downward-pointing arrow at the bottom right-hand corner of the widget and drag or resize as desired.

To remove widgets, click the x icon on a widget.

Selecting the Refresh Rate for the Dashboard Page

You can select the page's refresh rate by selecting the options under the Refresh every menu. Refresh rate options include the following:

  • 1 minute
  • 5 minutes
  • 15 minutes
  • 30 minutes
  • 1 hour
  • 8 hours
  • 1 day
  • Manually

You can manually refresh the page by clicking .

Selecting the Viewing Period for the Dashboard Page

You can select a viewing period by clicking one of the options under the View last menu. Viewing options include the following: 

  • 1 hour
  • 24 hours
  • 48 hours
  • 7 days
  • 1 month

Note

BloxOne DDI only supports a viewing period of up to 24 hours. 

You can download a PDF copy of the Dashboard. To download a PDF version of the Dashboard page, click Download as PDF located at the top-left of the screen.

Note

The Dashboard is available only for BloxOne Threat Defense Business On-Premises, BloxOne Threat Defense Business Cloud, BloxOne Threat Defense Advanced, and BloxOne DDI subscriptions.
