Widgets in KUMA are used to obtain analytics for the Dashboard and Reports.
Click the title or legend of an events, alerts, or incidents widget to open the corresponding section of the KUMA web interface, where the widget data is shown using that section's filters and/or a search query. See below for more details. This functionality is not available while creating or editing layouts.
Widgets are organized into widget groups, each one related to the analytics type they provide. The following widget groups and widgets are available in KUMA:
Events—widget for creating analytics based on events.
Click the title of this widget to go to the Events section of the KUMA web interface. The SQL query specified in the widget is used to request events for the widget. The query is specified without grouping (except for table graphs) but takes into account the conditions indicated in the WHERE parameter. The LIMIT parameter in a query is always equal to 250, regardless of the value written in the query.
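The two query shapes this implies, as an added example rather than a query from the KUMA documentation: a query for a non-table widget carries only filtering in WHERE, while a table widget may add GROUP BY. Field names (DeviceVendor, DeviceProduct, Name, Severity, Timestamp) follow KUMA's normalized event schema; the `events` table name and the use of count(ID) are assumptions based on the Events section query syntax, and the Windows logon-failure filter values are constructed for illustration.

```sql
-- Example 1 (constructed): query for a non-table Events widget.
-- No GROUP BY is allowed; KUMA only honours the WHERE conditions and
-- applies its own LIMIT of 250, so any LIMIT written here is overridden.
SELECT *
FROM `events`
WHERE DeviceVendor = 'Microsoft'
  AND DeviceProduct = 'Windows'
  AND Name = 'An account failed to log on'   -- constructed filter value
  AND Severity >= 4
ORDER BY Timestamp DESC
LIMIT 250;   -- effective limit is 250 whatever value is written

-- Example 2 (constructed): query for a table-graph Events widget.
-- Table graphs are the one widget type where grouping is permitted,
-- so the same filter can be aggregated per source host. The alias
-- names become the table column headers; count(ID) is an assumption.
SELECT
  SourceHostName,
  count(ID) AS `Failed logons`
FROM `events`
WHERE DeviceVendor = 'Microsoft'
  AND DeviceProduct = 'Windows'
  AND Name = 'An account failed to log on'   -- constructed filter value
GROUP BY SourceHostName
ORDER BY `Failed logons` DESC
LIMIT 250;
```

When checking a widget's numbers against the Events section, keep the 250-row cap in mind: a widget built from a query that matches more than 250 events shows only the first 250 rows returned, so totals in a non-table widget are not a complete count of matching events.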
Alerts—group for analytics related to alerts. Click on the title or legend of widgets in this group to go to the Alerts section of the KUMA web interface and view the widget data in detail.
The group includes the following widgets:
Active alerts—number of alerts that have not been closed.
Active alerts by tenant—number of unclosed alerts grouped by tenant.
Alerts by tenant—number of alerts of all statuses, grouped by tenant.
Unassigned alerts—number of alerts that have the New status.
Alerts by assignee—number of assigned alerts grouped by the KUMA user they are assigned to.
Alerts by status—number of alerts grouped by status.
Alerts by priority—number of unclosed alerts grouped by their priority.
Alerts by rule—number of unclosed alerts grouped by correlation rule. For this widget, you cannot obtain detailed information by clicking on the widget title.
Latest alerts—table containing the last 10 unclosed alerts.
Alerts distribution—number of alerts created during the period indicated in the widget.
Assets—group for analytics related to assets from processed events. This group includes the following widgets:
Affected assets—table of alert-related assets showing the priority of the asset and the number of unclosed alerts related to it.
Affected asset categories—categories of assets linked to unclosed alerts.
Number of assets—number of assets that were added to KUMA.
Incidents—group for analytics related to incidents. Click on the title or legend of widgets in this group to go to the Incidents section of the KUMA web interface and view the widget data in detail.
The group includes the following widgets:
All incidents—the total number of incidents.
Active incidents—number of incidents that have not been closed.
Unassigned incidents—number of incidents that have the Opened status.
Incidents distribution—number of incidents created during the period indicated in the widget.
Incidents by assignee—number of incidents that have the Assigned status grouped by KUMA user.
Incidents by status—number of incidents grouped by status.
Incidents by priority—number of unclosed incidents grouped by their priority. Available types of diagrams: pie chart, bar graph.
Active incidents by tenant—number of unclosed incidents grouped by the tenants available to the user.
All incidents by tenant—number of incidents of all statuses, grouped by tenant.
Affected assets in incidents—number of assets in unclosed incidents. For this widget, you cannot obtain detailed information by clicking on the widget title.
Affected assets categories in incidents—categories of the assets affected by unclosed incidents. Available types of diagrams: pie chart, bar graph. For this widget, you cannot obtain detailed information by clicking on the widget title.
Affected users in incidents—users affected by incidents. Available types of diagrams: table, pie chart, bar graph. For this widget, you cannot obtain detailed information by clicking on the widget title.
Latest incidents—last 10 unclosed incidents.
Event sources—group for analytics related to sources of events. The group includes the following widgets:
Top event sources by alerts number—number of unclosed alerts grouped by event source.
Top event sources by conversion rate—number of events that have produced an unclosed alert, grouped by event source.
Due to optimized storage of events in alerts, the number of alerts attributed to event sources may be distorted in some cases. To obtain accurate statistics, it is recommended to specify the Device Product event field as unique in the correlation rule and to enable storage of all base events in the correlation event. Note that correlation rules with these settings consume more resources.
Users—group for analytics related to users from processed events. The group includes the following widgets:
Affected users in alerts—number of users related to unclosed alerts.
Number of AD users—number of Active Directory accounts received via LDAP during the period indicated in the widget.