Preconfigured dashboard layouts

May 15, 2024

ID 264150

Kaspersky Next XDR Expert includes a set of predefined layouts that contain the following widgets:

  • Alerts Overview layout (Alert overview):
    • Active alerts—number of alerts that have not been closed.
    • Unassigned alerts—number of alerts that have no assignee.
    • Latest alerts—table with information about the last 10 unclosed alerts belonging to the tenants selected in the layout.
    • Alerts distribution—number of alerts created during the period configured for the widget.
    • Alerts by priority—number of unclosed alerts grouped by their priority.
    • Alerts by assignee—number of alerts with the Assigned status. The grouping is by account name.
    • Alerts by status—number of alerts that have the New, Opened, Assigned, or Escalated status. The grouping is by status.
    • Affected users in alerts—number of users associated with alerts that have the New, Assigned, or Escalated status. The grouping is by account name.
    • Affected assets—table with information about the level of importance of assets and the number of unclosed alerts they are associated with.
    • Affected assets categories—categories of assets associated with unclosed alerts.
    • Top event source by alerts number—number of alerts with the New, Assigned, or Escalated status, grouped by alert source (DeviceProduct event field).

      The widget displays up to 10 event sources.

    • Alerts by rule—number of alerts with the New, Assigned, or Escalated status, grouped by correlation rules.
  • Incidents Overview layout (Incidents overview):
    • Active incidents—number of incidents that have not been closed.
    • Unassigned incidents—number of incidents that have the Opened status.
    • Latest incidents—table with information about the last 10 unclosed incidents belonging to the tenants selected in the layout.
    • Incidents distribution—number of incidents created during the period configured for the widget.
    • Incidents by priority—number of unclosed incidents grouped by their priority.
    • Incidents by assignee—number of incidents with the Assigned status. The grouping is by user account name.
    • Incidents by status—number of incidents grouped by their status.
    • Affected assets in incidents—number of assets associated with unclosed incidents.
    • Affected users in incidents—users associated with incidents.
    • Affected asset categories in incidents—categories of assets associated with unclosed incidents.
    • Active incidents by tenant—number of incidents of all statuses, grouped by tenant.
  • Network Overview layout (Network activity overview):
    • Netflow top internal IPs—total volume of netflow traffic received by the asset, in bytes. The data is grouped by internal IP addresses of assets.

      The widget displays up to 10 IP addresses.

    • Netflow top external IPs—total volume of netflow traffic received by the asset, in bytes. The data is grouped by external IP addresses of assets.
    • Netflow top hosts for remote control—number of events associated with access attempts to one of the following ports: 3389, 22, 135. The data is grouped by asset name.
    • Netflow total bytes by internal ports—number of bytes sent to internal ports of assets. The data is grouped by port number.
    • Top Log Sources by Events count—top 10 sources from which the greatest number of events was received.

The default refresh period for predefined layouts is Never. You can edit these layouts as needed.
