Create a dashboard

To create a new dashboard, click the plus (New board) icon. The dashboard edit page is displayed.

Dashboard edit page

Perform any or all of the following operations to create or edit a dashboard:

  • Enter or edit the Board name.

  • Select the board Visibility. Toggle between Private (the default) and Public.

  • Add widgets to the dashboard by clicking on the corresponding entry in the Add widgets sidebar. The selected widget is added to the bottom of the board. By default, the widget is placed in a row by itself.

  • You can drag a widget from its row into another row, however only two widgets are allowed in any row. Dragging a widget out of its row leaves an empty row behind. Delete the row by clicking its delete icon.

    Note:

    Deleting a row deletes any widgets that were in the row.

  • Move widget rows up or down by clicking the adjust icon and dragging the row.

  • Delete a widget by clicking its delete icon.

  • When you have done, select Save board to save the dashboard. To abandon your edits, select Cancel edit and then dismiss the Discard changes? pop-up.

Add widgets

The Add widgets sidebar allows you to use the pull-down menu to narrow the Category of widgets it displays. Select from All (the default), Detection, File, Mail, Metric, or Network.

You can use the quick search field to perform a fast, as-you-type filter of the widgets, displaying only those widgets that have a title that includes the query string.

Select from the following widgets:

Application layer protocols

Category: Metric, Network

The Application layer protocols widget displays the captured traffic (in bits per second) associated with each protocol. When you hover your mouse over the graph, a pop-up is displayed giving more details about the amount of traffic for each protocol.

Used in the provided Dashboard: Overview and Dashboard: Network.

Bytes read in preview mode

Category: Metric

This widget shows the amount of traffic processed by ICAP by differentiating between preview traffic and further reads that were needed for the analysis of files of interest.

Concurrent flows

Category: Metric, Network

This widget displays maximum concurrent flows processed by an appliance.

CPU 5m load average

Category: Metric

This widget displays historical values of the 5-minute load average. The system load can be interpreted as the amount of processes that are ready to be run by the CPU (either running or waiting). The 5-minute load average is the moving average of the system load over 5-minute windows.

CPU Usage

Category: Metric

This widget displays CPU usage by appliance.

Detected threats

Category: Metric, Network

The Detected threats widget provides a graphical overview of the different kinds of threats detected in the network. This information is displayed in a layered circle. The divisions of the circles represent the number of hosts affected by the displayed incident types. Moving toward the outer circles provides a finer granularity and more specific information.

Used in the provided Dashboard: Overview and Dashboard: Network.

Disk reads

Category: Metric

This widget displays the amount of data read from the disks, expressed in MB/s.

Disk usage: / (root)

Category: Metric

This widget displays root filesystem (/) usage by appliance.

Disk usage: /data

Category: Metric

This widget displays data filesystem (/data) usage by appliance.

Disk usage: /var

Category: Metric

This widget displays var filesystem (/var) usage by appliance.

Disk writes

Category: Metric

This widget displays the amount of data written to the disks, expressed in MB/s.

Downloaded files

Category: File, Metric

The Downloaded files widget provides an overview of the number of files that were downloaded in the monitored network. The graph is a daily histogram of downloaded files, grouped by high level file type.

Used in the provided Dashboard: Overview.

Downloaded files list

Category: Detection, File, Network

The Downloaded files list displays a list of distinct, unique files that have been downloaded by hosts in the network.

Used in the provided Dashboard: Files.

Downloaded files over time

Category: File, Network

The Downloaded files widget provides an overview of the number of files that were downloaded in the monitored network. The graph is a daily histogram of downloaded files, grouped by high level file type.

Used in the provided Dashboard: Files.

Global event map

Category: Detection, Network

The Global event map provides a visual overview of aggregated geo-located events. It marks the approximate location of the other host. The marker color represents the event impact. The marker size represents the number of impacted hosts.

Used in the provided Dashboard: Network.

ICAP processing time

Category: Metric

This widget displays the average time taken by ICAP for the analysis of each request, in milliseconds. Data is only available for an appliance with ICAP integration enabled.

ICAP Read Bytes

Category: Metric

This widget displays the amount of traffic processed by ICAP by differentiating between preview traffic and further reads that were needed for the analysis of files of interest. Data is only available for an appliance with ICAP integration enabled.

ICAP: inspected transactions

Category: Metric

This widget displays transactions for which ICAP analysis has determined the presence of content of possible security relevance, causing the ICAP service to request access to its full content for analysis (ICAP 200). Data is only available for an appliance with ICAP integration enabled.

ICAP: prefiltered transactions

Category: Metric

This widget displays statistics on HTTP transactions which ICAP analysis has determined not relevant from a security standpoint (ICAP 204). Data is only available for an appliance with ICAP integration enabled.

Indexed records for Network Analysis

Category: Metric

This widget displays the number of records that have been indexed for each record type. Data is only available for a DATA NODE.

Infections over time

Category: Detection, Network

The Infections over time widget provides a graphical overview of the different kinds of incidents detected in the network. The x-axis depicts the time (defaults to the portal settings value) and the y-axis the number of hosts affected by incidents of a given type.

Used in the provided Dashboard: Overview and Dashboard: Network.

I/O utilization

Category: Metric

This widget displays the percentage of CPU time during which I/O requests were issued to devices.

I/O wait percentage

Category: Metric

This widget displays, over time, the time that the CPU has spent waiting for an IO request to complete, as a percentage of the total CPU time.

Live events

Category: Detection, Network

The Events widget provides an overview of the individual events.

Used in the provided Dashboard: Overview and Dashboard: Network.

Mail attachments blocked (MTA Only)

Category: File, Mail, Metric

The Mail attachments blocked (MTA Only) widget shows the number of email attachments that have been blocked. This widget only displays data for appliances with mail analysis enabled and in inline mode (MTA).

Used in the provided Dashboard: Mail.

Mail attachments breakdown

Category: File, Mail, Metric

The mail attachments breakdown widget shows the number of each attachment type found in mails. This widget is only available for appliances with mail analysis enabled.

Mail attachments

Category: File, Mail

The Mail attachments widget provides an overview of the number of files that were detected by the sensors monitoring inbound email traffic. The graph is a daily histogram of received attachments, grouped by high level file type.

Used in the provided Dashboard: Mail and Dashboard: Files.

Mail attachments list

Category: Detection, File, Mail

The Mail attachments list widget displays a list of attachments received by the mail server in the network.

Used in the provided Dashboard: Mail.

Mail attachments over time

Category: File, Mail, Metric

The Mail attachments widget provides an overview of the number of files that were detected by the sensors monitoring inbound email traffic. The graph is a daily histogram of received attachments, grouped by high level file type.

Used in the provided Dashboard: Overview.

Mail delivery failure notifications (MTA Only)

Category: Mail, Metric

The Mail delivery failure notifications (MTA Only) widget shows the number of delivery status notifications sent. This widget only displays data for appliances with mail analysis enabled and in inline mode (MTA).

Used in the provided Dashboard: Mail.

Mail threats

Category: Detection, Mail

The Mail threats graph provides a graphical overview of the various threats detected in the mail messages analyzed by the server. The information is displayed in a layered circle.

Used in the provided Dashboard: Mail.

Mail threats list

Category: Detection, Mail

The Mail threats widget is a list displaying the email messages analyzed in the network.

Used in the provided Dashboard: Mail.

Mail URLs over time

Category: Detection, Mail

The Mail URLs over time widget provides an overview of the number of URLs that were received in email messages and were analyzed by the system. The graph is a daily columns chart of received URLs, grouped by maliciousness.

Used in the provided Dashboard: Mail.

Mails received

Category: Mail, Metric

The Mail received widget provides an overview of the number of email messages that have been processed by the appliances with mail analysis enabled. The x-axis depicts the time and the y-axis the number of messages. The legend marks each appliance with a different color.

Used in the provided Dashboard: Mail.

Malicious mail over time

Category: Detection, Mail

The Malicious mail over time widget provides a graphical overview of the various threats detected in the mail messages analyzed by the server. The x-axis depicts the time (defaults to the portal settings value) and the y-axis the number of relevant messages for a given type of threat.

Used in the provided Dashboard: Mail.

Memory usage

Category: Metric

This widget displays memory usage by appliance.

Network traffic received

Category: Metric

This widget displays network traffic received by appliance.

Network traffic sent

Category: Metric

This widget displays network traffic sent by appliance.

Packets processed

Category: Metric, Network

This widget displays packets processed by appliance.

Queued mails

Category: Mail, Metric

The Queued mails graph widget shows the number of emails in the queue waiting to be analyzed. This graph is only available for appliances with mail analysis enabled.

  • Analysis completion pending

  • Delivery pending

  • Notification delivery pending

Used in the provided Dashboard: Mail.

Queued records for Network Analysis

Category: Metric

The queued records widget shows the number of records that have been received for storage but have not yet been indexed, broken down by record type. Data is only available for a DATA NODE.

Sensors Status

Category: Metric

This widget displays the overall status of the appliances.

Swap usage

Category: Metric

This widget displays swap usage by appliance.

Traffic processed

Category: Metric, Network

The Traffic processed widget provides an overview of the network traffic that has been processed by the Sensor(s). The Sensor periodically reports statistics about the monitored traffic. Its default is normally 10 minutes. To keep the display manageable, the granularity of reported data varies dependent on the current time interval. These data are aggregated in this widget. The x-axis depicts the time and the y-axis the monitored traffic in megabits per second (Mbps). The legend marks each Sensor with a different color.

Used in the provided Dashboard: Overview and Dashboard: Network.

Transport layer protocols

Category: Metric, Network

The transport layer protocols widget shows the amount of data (in bytes) captured for each protocol by the appliances. Data is only available for an appliance with Traffic Sniffing enabled.