- Super Administrator
- Administrator
- SOC Manager
- Security Analyst
The Dashboard provides a holistic view of the state of security operations and security incidents for the organization.
The widgets can be viewed for the last 7, 15 or 30 days by selecting the View dropdown filter in the top right corner.
The widgets and their details are provided here:
Overall Alerts Summary
The pie chart summarizes all generated alerts. Severity levels are represented by color:
– Purple: Base
– Sky blue: Low severity
– Light orange: Medium severity
– Dark orange: High severity
Daily Alert Rate
Displays the number of alerts generated for the tenant, organized by date. Select the dots on the graph, to view the exact number of alerts.
Overall Incident Summary
| Tab | Description |
|---|---|
| Severity | Gives a doughnut chart that displays the Overall Incident Summary of total incidents as per Critical, High, Medium, and Low Severity. |
| Status | Gives a doughnut chart that displays the Overall Incident Summary of total incidents as per Open, Investigation, Remediation, and Closed Status. |
Unassigned Incidents
Displays the number of incidents that are not assigned to any analyst.
Closed Incidents Summary
This doughnut chart displays the number of incidents that are Suspicious, False Positive, and True Positive. Clicking the doughnut takes you to the Incidents page.
Average Incident Rate - Open vs Closed
| Filter | Description |
|---|---|
| Severity, Type, 1 Week, 1 Month | Gives a line graph of the Average Incident Rate Open vs Closed. Hovering over the points in the graph displays the incident stats. |
Endpoints with Alert Count Top 10
Displays the number of alerts for the ten endpoints with the highest alert counts.
Affected Endpoints Trend
Displays the number of affected endpoints for the selected period (week or month). Hover over any point on the graph to view the number of alerts for that date.
Incidents – Missed SLA
Displays details of incidents that did not meet the SLA. Results are shown by severity.
Alerts by MITRE Attacks
Displays a bar graph showing the number of alerts by tactic. Hover over any bar to view the number of alerts and the associated tactic.
Mean Time to Detect
The Mean Time to Detect is the duration from an incident's creation time to its remediate time.
This graph shows the data for the last 30 days for the critical, high, medium, and low-severity incidents.
The following filter is available on the graph:
| Filter | Values |
|---|---|
| Incident Types | Unknown, Phishing, Malware, MITM, Insider Threat, Privilege Escalation, Web Application Attack, Anomaly Detection, APT, Endpoint, Email, Network, EPP, and UBA Credential Access |
Mean Time to Respond
The Mean Time to Respond is the time taken to change the status of an incident to Investigation, measured from the incident creation time.
This graph shows the data for the last month for the critical, high, medium, and low-severity incidents.
The following filter is available on the graph:
| Filter | Values |
|---|---|
| Incident Types | Unknown, Phishing, Malware, MITM, Insider Threat, Privilege Escalation, Web Application Attack, Anomaly Detection, APT, Endpoint, Email, Network, EPS, and UBA Credential Access |
Mean Time to Remediate
The Mean Time to Remediate is the time taken to change the status of an incident to Closed, measured from the incident creation time.
This graph shows the data for the last month for the critical, high, medium, and low-severity incidents.
The following filter is available on the graph:
| Filter | Values |
|---|---|
| Incident Types | Unknown, Phishing, Malware, MITM, Insider Threat, Privilege Escalation, Web Application Attack, Anomaly Detection, APT, Endpoint, Email, Network, EPS, and UBA Credential Access |
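The three mean-time metrics above, computed over constructed sample incidents exactly as this page defines them (Mean Time to Detect from creation to the remediate time, Mean Time to Respond from creation to Investigation, Mean Time to Remediate from creation to Closed), grouped by severity and narrowed with the same Incident Types filter. This is an added example, not Seqrite code; the incident record layout, field names and timestamps are assumptions.

```python
from datetime import datetime
from statistics import mean

# Constructed sample incidents (illustrative timestamps, not product data).
# A status timestamp is None if the incident has not reached that status yet.
INCIDENTS = [
    {"id": "INC-1", "type": "Phishing", "severity": "Critical",
     "created": "2024-05-01T08:00", "investigation": "2024-05-01T08:30",
     "remediate": "2024-05-01T12:00", "closed": "2024-05-02T08:00"},
    {"id": "INC-2", "type": "Malware", "severity": "Critical",
     "created": "2024-05-03T09:00", "investigation": "2024-05-03T10:30",
     "remediate": "2024-05-03T16:00", "closed": "2024-05-04T09:00"},
    {"id": "INC-3", "type": "Phishing", "severity": "High",
     "created": "2024-05-05T10:00", "investigation": "2024-05-05T11:00",
     "remediate": None, "closed": None},  # still under investigation
]

# Metric -> the status timestamp it is measured against (page definitions).
METRICS = {"mttd": "remediate", "mttr": "investigation", "mttrem": "closed"}


def _hours(start, end):
    """Elapsed hours between two ISO timestamps, or None if end is unset."""
    if end is None:
        return None
    delta = datetime.fromisoformat(end) - datetime.fromisoformat(start)
    return delta.total_seconds() / 3600


def mean_times_by_severity(incidents, incident_types=None):
    """Mean hours per severity for each metric. An incident that has not yet
    reached a metric's status is left out of that metric only, so an open
    incident still counts toward Mean Time to Respond but not toward
    Mean Time to Remediate."""
    if incident_types is not None:
        incidents = [i for i in incidents if i["type"] in incident_types]
    buckets = {}
    for inc in incidents:
        per_sev = buckets.setdefault(inc["severity"], {m: [] for m in METRICS})
        for metric, status in METRICS.items():
            elapsed = _hours(inc["created"], inc[status])
            if elapsed is not None:
                per_sev[metric].append(elapsed)
    return {sev: {m: (round(mean(v), 2) if v else None) for m, v in vals.items()}
            for sev, vals in buckets.items()}
```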
Incidents Assigned vs Active
This dashlet displays the number of analysts assigned per incident type. Hovering over the bars displays the number of analysts assigned to that incident type.
Daily Active Endpoints
Provides a line graph that displays the count of active endpoints for the selected period. Hovering over the points on the peaks in the graph displays the number of active endpoints for that date.
Scheduling Dashboard Report
Note ☛
- Only users with Super Admin, Admin, or SOC Manager privileges have the ability to schedule dashboard reports.
- In the Dashboard report scheduling feature, users will exclusively receive the Default dashboard in PDF format, without any filters applied.
To schedule a dashboard report, follow these steps:
- Accessing the Scheduler Page: From the Dashboard Page, find and click on the Schedule Export button. This action will direct you to the Create New Scheduler page.
- Configuring Schedule for Sending Report: In the "Configure Schedule for Sending Report" section, you can specify when and how frequently the report should be sent.
- Selecting Report Frequency: Within this section, you'll encounter a dropdown menu labeled "Report Frequency". Click on it to reveal options such as "Daily," "Weekly," and "Monthly". Select the frequency that aligns with your desired report generation schedule.
- Setting Report Format: By default, the report format is typically set to PDF.
- Entering Email Addresses: Identify the email address field provided. Here, you can input the email addresses of the recipients who are intended to receive the scheduled report. You can add anywhere from 1 to 5 email addresses. Once entered, clicking the "Add" button will display the added email addresses under the "Added Email Addresses" label.
Downloading Consolidated report
To download the Seqrite XDR consolidated report in PDF format, click Export. The report is downloaded immediately to your machine.