Revamp the dashboard page to add Query Builders #1959

Merged
merged 1 commit into from
Aug 16, 2024
147 changes: 135 additions & 12 deletions docs/xdr/features/report/dashboards.md
@@ -1,11 +1,47 @@
# Dashboards
**Sekoia.io’s Operations Center homepage uses a dashboard mechanism that is fully configurable and adaptable to your needs.**
Dashboards are composed of modular widgets that can be placed and edited wherever you want on the screen. Widgets can be fully configured as you can specify the date range, apply filters, change the display, etc...

Dashboards provide a powerful and intuitive way to visualize and monitor key metrics and data in real-time.
Users can create customized views by combining various widgets, offering insights into different aspects of their operations, security posture, or other critical areas.

A key aspect of dashboards is the ability to use query builders, which enable users to create custom data queries directly within the dashboard. This allows for highly tailored data analysis and visualization, empowering users to explore specific datasets and derive insights that are most relevant to their needs.

With features like time range configuration, manual and automatic data refresh, and the flexibility to add and customize widgets, dashboards are designed to deliver actionable information at a glance. Whether you need to track trends, spot anomalies, or perform detailed data analysis, dashboards offer a versatile and user-friendly solution.

## Default Dashboard
Accounts on Sekoia.io come with a preconfigured dashboard that gives a synthetic view of the current community activity, either from an operational security perspective (risk level, number of alerts, etc.) or from an activity perspective (list of last posted comments, last created alerts, etc.).
### Time range and refresh period
You can easily manage the time range and the refresh period of your dashboard by clicking on the selects in the top right of the screen.

## Time Range
Managing the time range for data displayed in your dashboard is essential for analyzing trends and patterns over specific periods.
The dashboard offers flexible options for configuring the time range for each widget and the overall dashboard.

**Widget-Specific Time Range**

By default, each widget on the dashboard can be configured to display data for its own specific time period. This allows for detailed analysis where different widgets may focus on different time frames simultaneously.
Each widget clearly shows the time range it is considering, ensuring transparency in the data being presented.

**Dashboard Date Range**

For built-in widgets, there's an option to synchronize the widget's time range with the overall dashboard's date range. This feature is particularly useful when you want multiple widgets to reflect data over the same period.
The dashboard's overall date range can be set using the range selector, which is prominently displayed at the top of the dashboard. Adjusting this selector updates the time range for all built-in widgets that are configured to follow the dashboard's date range.

By configuring these settings, you can ensure that your dashboard provides the most relevant and consistent view of data, tailored to the specific time periods that matter most to your analysis.

## Refreshing Data
Ensuring that the data displayed on your dashboard is up-to-date is critical for accurate monitoring and analysis.
The dashboard provides several options for refreshing the data presented in the widgets.

By default, the dashboard shows data that was computed during the last refresh. This means that when you first view a dashboard, the information is based on the most recent refresh that occurred.

To manually refresh the data across all widgets on the current dashboard, click the `Refresh` button located near the top of the dashboard.
Note that you can only trigger a manual refresh once every minute.

The date and time of the last successful refresh are displayed next to the `Refresh` button, allowing you to quickly verify when the data was last updated.

If you prefer to have your dashboard's data updated automatically, you can enable the auto-refresh option in the dashboard settings.
When auto-refresh is enabled, all widgets on the dashboard will automatically refresh every 30 minutes. This ensures that your data stays current without the need for manual intervention.

These options allow you to maintain the most relevant data on your dashboard, whether you prefer manual control or automated updates.


## Create new Dashboard
### Create from scratch
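Review bot: The "Dashboard Date Range" paragraph only covers built-in widgets and never says what a query builder widget does when the dashboard range selector changes; add one sentence stating whether query builder widgets can follow the dashboard's date range or always keep their own. In "Refreshing Data", the text gives a 30-minute auto-refresh interval and a limit of one manual refresh per minute but leaves the consequence implicit: with auto-refresh on, a widget can show data up to 30 minutes old, and older when it is off. State that directly and point readers at the last-refresh timestamp, since this page will be used for alert monitoring. Minor: "**Widget-Specific Time Range**" and "**Dashboard Date Range**" are bold paragraphs rather than `###` headings, so they get no anchor and do not appear in the page outline.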
@@ -36,14 +72,27 @@ You can also create a new dashboard by duplicating an existing one. To do so:
6. Save your changes.

## Edit and add Widgets to a Dashboard
To edit a dashboard, you have to:
Dashboards can be easily customized using a variety of widgets, allowing users to tailor the interface to their specific needs.
The customization process is intuitive and accessible through the "Edition Mode," where users can modify, add, or remove widgets on their dashboards.

1. Go to the `Settings` button in the upper right of the screen
2. Click on `Edit this dashboard`
3. Go to the `Settings` button
4. Click on `Add widget`
5. Drag widgets to your dashboard
6. Save your changes
To start customizing a dashboard, follow these steps:

1. Click the `Edit Dashboard` Button:
Located at the top right corner of the dashboard, this button activates the "Edition Mode."

2. Customize Existing Widgets:
Once in "Edition Mode" each widget on the dashboard will display a small edit icon. Click this icon to modify the settings of the widget according to your needs.

3. Adding New Widgets:
To add a new widget, click on the `New widget` button. You will be presented with options to choose from a selection of built-in widgets and query builders.
After selecting the desired widget or query builder, you can drag and position it anywhere on the dashboard for optimal placement.

4. Removing Widgets:
Unwanted widgets can be removed by clicking the delete icon that appears in the widget's options during "Edition Mode"

5. Saving Changes:
After making all desired modifications, it is crucial to save your changes. To do this, click on the `Save` button, located at the top right corner of the dashboard.
If changes are not saved, any modifications made during "Edition Mode" will be lost.

## Delete a Dashboard
To delete a dashboard, you have to:
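Review bot: The new steps call the state "Edition Mode" while the button that enters it is labelled `Edit Dashboard`; check the wording against the UI and, unless the product really shows "Edition Mode", use "edit mode" so the term matches the control. The step titles are also not parallel: steps 1 and 2 are imperative ("Click the `Edit Dashboard` Button", "Customize Existing Widgets") and steps 3 to 5 switch to "Adding New Widgets", "Removing Widgets", "Saving Changes"; pick the imperative form for all five. The body line under each numbered step is not indented, so it only stays inside the list item through lazy continuation; indenting it four spaces makes the rendering unambiguous. Step 4 is missing its closing period after "Edition Mode".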
@@ -53,7 +102,81 @@ To delete a dashboard, you have to:

The Default Dashboard cannot be deleted.

## Risk Level Widget
## Query Builders Widgets

Query builders can be inserted into dashboards to streamline data visualization and management. It allows you to easily integrate existing query builders into multiple dashboards, ensuring that any updates made to a query on the query page are automatically reflected across all dashboards where it is used. By leveraging this integration, you maintain consistency and reduce the need for manual updates, enhancing the efficiency and accuracy of your data visualizations.

The Query widget in the dashboard utilizes the visualization settings saved with the query builder on the query page. For detailed information on how visualizations are managed, refer to the [documentation of Query Builders](/xdr/features/investigate/query_builder/).

Changes made to a query builder on the query builder page are automatically propagated to all dashboards that use that query builder. It ensures that updates are reflected without requiring manual intervention.
On the query builder’s edit page, you can view a list of all dashboards utilizing the query builder. This helps track where changes will take effect.

![insert_qb_in_dashboard](/assets/xdr/dashboards/insert_qb_in_dashboard.gif){: style="max-width:100%"}


## Built-in Widgets

Dashboards come equipped with a variety of built-in widgets designed to provide immediate access to critical data and insights.
These widgets are pre-configured for common use cases, allowing users to quickly add valuable information to their dashboards without the need for custom queries or extensive configuration.

The built-in widgets are organized into categories to help users easily find the tools they need:

* **Investigate**: These widgets focus on exploring specific data points, threats, or entities, helping users drill down into detailed analyses.
* **Observe**: These widgets are designed for monitoring and tracking ongoing activities, trends, and metrics across the threat landscape.

### List of Built-in Widgets

Here is an overview of the built-in widgets available:

* `Alerts` displays the number and details of alerts.
* `Number of Alerts` shows the total count of alerts over a specified time period.
* `Risk Level` provides a summary of the current risk levels based on recent data.
* `Last Comments`
lists the most recent comments associated with alerts.
* `Top Observed Threats`
highlights the most frequently observed threats.
* `Top Observed Adversaries`
displays a list of the most prominent adversaries identified.
* `Cases`
provides an overview of cases being tracked.
* `Number of Cases`
shows the total count of cases.
* `Assets`
displays data related to assets being monitored.
* `Events by Data Sources`
breaks down events according to their data sources.
* `Events Activity`
reports the overall number of collected events
* `Entities`
Provides information about entities involved in alerts or cases.
* `Entities Overview`
Offers a high-level summary of all tracked entities and their metrics.
* `Statistic by Entity`
Displays statistical data for each entitiy.
* `Latest Intelligence`
Shows the most recent intelligence reports and findings.
* `Adversaries Activity Trend`
Tracks trends in adversary activities over time.
* `Object Count`
Provides a count of intelligence objects in the intelligence database.
* `Top 5 Known Exploited Vulnerabilities`
Lists the most critical vulnerabilities currently being exploited.
* `Latest FLINTs Reports`
Displays the latest FLINTs (threat intelligence reports) produced by Sekoia.
* `Malware Prevalence Trends`
Tracks trends in malware prevalence.
* `Top Objects`
Shows the most frequently referenced intelligence objects.
* `Top Sectors`
Highlights the sectors most referenced in the intelligence database.
* `Top Locations`
Displays geographic locations most referenced in the intelligence database.
* `Global Top Threats`
Lists the most referenced threats in the intelligence database.

These built-in widgets allow users to quickly assemble a comprehensive dashboard that reflects key aspects of their environment, making it easier to monitor, investigate, and respond to critical data points.

### Risk Level Widget

The Risk Level Widget shows the risk level of your infrastructure based on your alerts.
