Versions Compared

Version Old Version 5 New Version 6
Changes made by

Former user

Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel2
maxLevel2
typeflat

Purpose

This Activeboard provides metrics surrounding your domain’s data source. It includes tables that have a significant decrease in ingestion compared to the historical averages, total volume seen over the last month, hourly volume breakdown, as well as new and missing hosts, users, and firewalls.

Pre-requisites

To use the Data Source Monitor Activeboard you must have the following sources available on your domain:

  • siem.logtrust.collector.counter

  • box.all.win

  • box.unix

  • firewall.all.traffic

Open Security Operations Executive Overview

Once you have installed the application, you can access the Activeboard in the following ways:

Go to Exchange in the navigation pane and look for the Activeboard you want to open. Click Open.

Go to Activeboards in the navigation paneand use the filter to open the Activeboard you downloaded.

Info

Know more about Activeboards

Refer to Manage and filter Activeboards article to know how to work with Activeboards.

Exploring the Activeboard

When opening the Data Source Monitor Activeboard the following info is displayed. This Activeboard is divided into different areas:

  • Main area: source data over time.

  • Windows Host Information

  • Linux Host Information

  • User Information

  • Firewall Hosts Information

Image Added
Expand
titleClick here to see the details of each section

Main area

Widget

Details

Image Added

Sources with no data today

Image Added

Sources with less 50% of normal volume

Image Added

Sources with less 50 % - 75 % of normal volume

Image Added

Total sources seen last 8 days

Image Added

Total volume last 30 days

Image Added

Data sources monitor

Image Added

Hourly event count of selected source

Image Added

Hourly ingrst volume (all sources)