| Table of Contents | ||||||
|---|---|---|---|---|---|---|
|
Purpose
This Activeboard provides measurements around the data source of your domain. It includes tables that have a significant decrease in ingestion compared to the historical averages, total volume seen over the last month, hourly volume breakdown, as well as new and missing hosts, users, and firewalls.
Pre-requisites
To use the Data Source Monitor Activeboard
| Expand | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||
Prerequisites
To use this Activeboard,you must have the following sources available on your domain:
siem.logtrust.collector.counterbox.all.winlearn morebox.unixlearn morefirewall.all.trafficlearn more
Open
Security Operations Executive OverviewActiveboard
Once you have installed the Activeboard, you can access itin the following ways:
Go to Exchange in the navigation pane and look for the Activeboard you want to open. Click Open.
| Info |
|---|
Know more about Activeboards Refer to Manage and filter Activeboards article to know how to work with Activeboards. |
Exploring the Activeboard
When opening the Data Source Monitor Activeboard the following info is displayed. This Activeboard is divided into different areas:
use the Open button at the top right of the card in Exchange to access it and see the different widgets populated with the relevant data. You can also access the Activeboard area via the Navigation pane.
| Info | ||
|---|---|---|
Data loading takes too long? Sometimes some widgets take time to upload the data, it is possible to speed up the process by creating aggregation tasks. Refer to the Aggregation tasks article to learn how to do it. | ||
| Expand | ||
| ||
| Anchor | Main-area | Main-area |
Widget | Details | |
Sources with no data today | ||
Sources with less 50% of normal volume | ||
Sources with less 50 % - 75 % of normal volume | ||
Total sources seen last 8 days | ||
Total volume last 30 days | ||
Data sources monitor | ||
Hourly event count of selected source | ||
Hourly ingrst volume (all sources) | ||
| Anchor | Windows-Hosts-Information | Windows-Hosts-Information |
Widget | Details | |
Hosts not reporting | ||
New hosts | ||
| Anchor | Linux-Host-Information | Linux-Host-Information |
Widget | Details | |
Hosts not reporting | ||
New hosts | ||
| Anchor | User-information | User-information |
Widget | Details | |
Users not reporting | ||
New users | ||
| Anchor | Firewall-Hosts-Information | Firewall-Hosts-Information |
Widget | Details | |
Firewalls not reporting |
Use Activeboard
After installing and opening the Activeboard, you can use its widgets to visualize and monitor data. To do this, each widget offers a variety of customization and visualization options. Refer to Using widgets and Using inputs to know them all.