We are considering adding new dashboards to Smart View, and would love your input.
One of them is the ‘Threat Prevention Cyber-attacks dashboard’, divided into business questions:
- Malicious files
- User received malicious files via mail
- User downloaded malicious files from web
- Hosts exploit attempts
- Hosts scanning
- Users surfed to malicious web-sites
- Infected hosts
For each question, we created a drill-down dashboard (double-clicking the number or the text takes you to the next dashboard).
Double-clicking again on an IOC (Indicator of Compromise) shows the logs of the attack related to this IOC. The dashboard is divided into prevent and detect sections.
How can I upload the dashboard into my environment?
- Download the attached file
- Extract the archive
- Click ‘logs and monitor’ -> open a new tab by clicking -> click Views -> Actions -> Import Template
- Import all the files (they are connected to each other in the dashboard)
- Click on the view ‘Cyber Attack View - Beta’ and start to investigate
If I find a malfunction/have a suggestion for one of the views, what should I do?
- You can edit the queries or delete any widgets that are not relevant for your network.
- Send me a direct mail: firstname.lastname@example.org with the malfunction/suggestion so we will be able to fix it (please add your SE/Account to the mail, plus a screenshot for better understanding)
- Comment in this thread
Can I copy some of the widgets into my own dashboard?
Of course: right-click the title of the widget and copy it.
Which versions does this dashboard work with?
This dashboard was created for version R80.10 and above.
For which blades is this dashboard relevant?
Anti-Bot, Anti-Virus, IPS, Threat Emulation