Alerts Overview

• Active alerts—number of alerts that have not been closed.
• Unassigned alerts—number of alerts that have the New status.
• Latest alerts—table with information about the last 10 unclosed alerts belonging to the tenants selected in the layout.
• Alerts distribution—number of alerts created during the period configured for the widget.
• Alerts by priority—number of unclosed alerts grouped by their priority.
• Alerts by assignee—number of alerts with the Assigned status. The grouping is by account name.
• Alerts by status—number of alerts that have the New, Opened, Assigned, or Escalated status. The grouping is by status.
• Affected users in alerts—number of users associated with alerts that have the New, Assigned, or Escalated status. The grouping is by account name.
• Affected assets—table with information about the level of importance of assets and the number of unclosed alerts they are associated with.
• Affected assets categories—categories of assets associated with unclosed alerts.
• Top event source by alerts number—number of alerts with the New, Assigned, or Escalated status, grouped by alert source (DeviceProduct event field). The widget displays up to 10 event sources.
• Alerts by rule—number of alerts with the New, Assigned, or Escalated status, grouped by correlation rules.

Incidents Overview

• Active incidents—number of incidents that have not been closed.
• Unassigned incidents—number of incidents that have the Opened status.
• Latest incidents—table with information about the last 10 unclosed incidents belonging to the tenants selected in the layout.
• Incidents distribution—number of incidents created during the period configured for the widget.
• Incidents by priority—number of unclosed incidents grouped by their priority.
• Incidents by assignee—number of incidents with the Assigned status. The grouping is by user account name.
• Incidents by status—number of incidents grouped by their status.
• Affected assets in incidents—number of assets associated with unclosed incidents.
• Affected users in incidents—users associated with incidents.
• Affected asset categories in incidents—categories of assets associated with unclosed incidents.
• Active incidents by tenant—number of incidents of all statuses, grouped by tenant.

Network Overview

• Netflow top internal IPs—total volume of netflow traffic received by the asset, in bytes. The data is grouped by internal IP addresses of assets.
• The widget displays up to 10 IP addresses.
• Netflow top external IPs—total volume of netflow traffic received by the asset, in bytes. The data is grouped by external IP addresses of assets.
• Netflow top hosts for remote control—number of events associated with access attempts to one of the following ports: 3389, 22, 135. The data is grouped by asset name.
• Netflow total bytes by internal ports—number of bytes sent to internal ports of assets. The data is grouped by port number.
• Top Log Sources by Events count—top 10 sources from which the greatest number of events was received.

[OOTB] KATA & EDR

• KATA. Top-10 detections by type — visualizes the 10 most common types of events detected by the KATA system.
• KATA. Top-10 detections by file type — visualizes the 10 most common file types detected by the KATA system.
• KATA. Top-10 user names in detections — visualizes the 10 most common user names detected by the KATA system.
• KATA. Top-10 IDS detections — visualizes the 10 most common threats detected by the IDS module of the KATA system.
• KATA. Top-10 URL detections — visualizes the 10 most common suspicious URLs detected by the KATA system.
• KATA. Top-10 AV detections — visualizes the 10 most common threats detected by the KATA anti-virus module.
• EDR. Top-10 MITRE technique detections — visualizes the 10 most common MITRE matrix techniques detected by the EDR system.
• EDR. Top-10 MITRE tactic detections — visualizes the 10 most common MITRE matrix tactics detected by the EDR system.

[OOTB] KSC

• KSC. Top-10 users with the most KAV alerts — visualizes the 10 most common user names present in events related to the detection of malicious software, information about which is contained in the KSC system.
• KSC. Top-10 most common threats — visualizes the 10 most common types of malware, information about which is contained in the KSC system.
• KSC. Number of devices that received AV database updates — visualizes the number of devices on which anti-virus database updates have been installed, information about which is contained in the KSC system.
• KSC. Number of devices on which the virus was found — visualizes the number of devices on which malware was detected, information about which is contained in the KSC system.
• KSC. Malware detections by hour — visualizes the distribution of the number of malware per hour, information about which is contained in the KSC system.

[OOTB] KSMG

• KSMG. Top-10 senders of blocked emails — visualizes the 10 most common senders of email messages blocked by the KSMG system.
• KSMG. Top-10 events by action — visualizes the 10 most common actions performed by the KSMG system.
• KSMG. Top-10 events by outcome — visualizes the 10 most common results of actions performed by the KSMG system.
• KSMG. Blocked emails by hour — visualizes the distribution of the number of email messages blocked by the KSMG system, by hour.

[OOTB] KWTS

• KWTS. Top-10 IP addresses with the most blocked web traffic — visualizes the 10 most common IP addresses from which traffic blocked by the KWTS system originated.
• KWTS. Top-10 IP addresses with the most allowed web traffic — visualizes the 10 most common IP addresses from which traffic allowed by the KWTS system originated.
• KWTS. Top 10 requests by client application — visualizes the 10 most common applications used to gain access to network resources, as detected by the KWTS system.
• KWTS. Top-10 blocked URLs — visualizes the 10 most common URLs from which traffic was allowed by the KWTS system.
• KWTS. System action types — visualizes the 10 most common actions performed by the KWTS system.
• KWTS. Top-10 users with the most allowed web traffic — visualizes the 10 most common user names of users whose traffic was allowed by the KWTS system.