Predefined dashboard layouts

KUMA comes with a set of predefined layouts: The default refresh period for predefined layouts is Never. You can edit these layouts as needed.

Predefined layouts

Layout name

Description of widgets in the layout

Alerts Overview

  • Active alerts—number of alerts that have not been closed.
  • Unassigned alerts—number of alerts that have the New status.
  • Latest alerts—table with information about the last 10 unclosed alerts belonging to the tenants selected in the layout.
  • Alerts distribution—number of alerts created during the period configured for the widget.
  • Alerts by priority—number of unclosed alerts grouped by their priority.
  • Alerts by assignee—number of alerts with the Assigned status. The grouping is by account name.
  • Alerts by status—number of alerts that have the New, Opened, Assigned, or Escalated status. The grouping is by status.
  • Affected users in alerts—number of users associated with alerts that have the New, Assigned, or Escalated status. The grouping is by account name.
  • Affected assets—table with information about the level of importance of assets and the number of unclosed alerts they are associated with.
  • Affected assets categories—categories of assets associated with unclosed alerts.
  • Top event source by alerts number—number of alerts with the New, Assigned, or Escalated status, grouped by alert source (DeviceProduct event field). The widget displays up to 10 event sources.
  • Alerts by rule—number of alerts with the New, Assigned, or Escalated status, grouped by correlation rules.

Incidents Overview

  • Active incidents—number of incidents that have not been closed.
  • Unassigned incidents—number of incidents that have the Opened status.
  • Latest incidents—table with information about the last 10 unclosed incidents belonging to the tenants selected in the layout.
  • Incidents distribution—number of incidents created during the period configured for the widget.
  • Incidents by priority—number of unclosed incidents grouped by their priority.
  • Incidents by assignee—number of incidents with the Assigned status. The grouping is by user account name.
  • Incidents by status—number of incidents grouped by their status.
  • Affected assets in incidents—number of assets associated with unclosed incidents.
  • Affected users in incidents—users associated with incidents.
  • Affected asset categories in incidents—categories of assets associated with unclosed incidents.
  • Active incidents by tenant—number of incidents of all statuses, grouped by tenant.

Network Overview

  • Netflow top internal IPs—total volume of netflow traffic received by the asset, in bytes. The data is grouped by internal IP addresses of assets.
  • The widget displays up to 10 IP addresses.
  • Netflow top external IPs—total volume of netflow traffic received by the asset, in bytes. The data is grouped by external IP addresses of assets.
  • Netflow top hosts for remote control—number of events associated with access attempts to one of the following ports: 3389, 22, 135. The data is grouped by asset name.
  • Netflow total bytes by internal ports—number of bytes sent to internal ports of assets. The data is grouped by port number.
  • Top Log Sources by Events count—top 10 sources from which the greatest number of events was received.

[OOTB] KATA & EDR

  • KATA. Top-10 detections by type — visualizes the 10 most common types of events detected by the KATA system.
  • KATA. Top-10 detections by file type — visualizes the 10 most common file types detected by the KATA system.
  • KATA. Top-10 user names in detections — visualizes the 10 most common user names detected by the KATA system.
  • KATA. Top-10 IDS detections — visualizes the 10 most common threats detected by the IDS module of the KATA system.
  • KATA. Top-10 URL detections — visualizes the 10 most common suspicious URLs detected by the KATA system.
  • KATA. Top-10 AV detections — visualizes the 10 most common threats detected by the KATA anti-virus module.
  • EDR. Top-10 MITRE technique detections — visualizes the 10 most common MITRE matrix techniques detected by the EDR system.
  • EDR. Top-10 MITRE tactic detections — visualizes the 10 most common MITRE matrix tactics detected by the EDR system.

[OOTB] KSC

  • KSC. Top-10 users with the most KAV alerts — visualizes the 10 most common user names present in events related to the detection of malicious software, information about which is contained in the KSC system.
  • KSC. Top-10 most common threats — visualizes the 10 most common types of malware, information about which is contained in the KSC system.
  • KSC. Number of devices that received AV database updates — visualizes the number of devices on which anti-virus database updates have been installed, information about which is contained in the KSC system.
  • KSC. Number of devices on which the virus was found — visualizes the number of devices on which malware was detected, information about which is contained in the KSC system.
  • KSC. Malware detections by hour — visualizes the distribution of the number of malware per hour, information about which is contained in the KSC system.

[OOTB] KSMG

  • KSMG. Top-10 senders of blocked emails — visualizes the 10 most common senders of email messages blocked by the KSMG system.
  • KSMG. Top-10 events by action — visualizes the 10 most common actions performed by the KSMG system.
  • KSMG. Top-10 events by outcome — visualizes the 10 most common results of actions performed by the KSMG system.
  • KSMG. Blocked emails by hour — visualizes the distribution of the number of email messages blocked by the KSMG system, by hour.

 

[OOTB] KWTS

  • KWTS. Top-10 IP addresses with the most blocked web traffic — visualizes the 10 most common IP addresses from which traffic blocked by the KWTS system originated.
  • KWTS. Top-10 IP addresses with the most allowed web traffic — visualizes the 10 most common IP addresses from which traffic allowed by the KWTS system originated.
  • KWTS. Top 10 requests by client application — visualizes the 10 most common applications used to gain access to network resources, as detected by the KWTS system.
  • KWTS. Top-10 blocked URLs — visualizes the 10 most common URLs from which traffic was allowed by the KWTS system.
  • KWTS. System action types — visualizes the 10 most common actions performed by the KWTS system.
  • KWTS. Top-10 users with the most allowed web traffic — visualizes the 10 most common user names of users whose traffic was allowed by the KWTS system.

Page top