Preconfigured dashboard layouts

Network Overview

• Netflow top internal IPs—total volume of netflow traffic received by the asset, in bytes. The data is grouped by internal IP addresses of assets.
• The widget displays up to 10 IP addresses.
• Netflow top external IPs—total volume of netflow traffic received by the asset, in bytes. The data is grouped by external IP addresses of assets.
• Netflow top hosts for remote control—number of events associated with access attempts to one of the following ports: 3389, 22, 135. The data is grouped by asset name.
• Netflow total bytes by internal ports—number of bytes sent to internal ports of assets. The data is grouped by port number.
• Top Log Sources by Events count—top 10 sources from which the greatest number of events was received.

[OOTB] KATA & EDR

• KATA. Top-10 detections by type — visualizes the 10 most common types of events detected by the KATA system.
• KATA. Top-10 detections by file type — visualizes the 10 most common file types detected by the KATA system.
• KATA. Top-10 user names in detections — visualizes the 10 most common user names detected by the KATA system.
• KATA. Top-10 IDS detections — visualizes the 10 most common threats detected by the IDS module of the KATA system.
• KATA. Top-10 URL detections — visualizes the 10 most common suspicious URLs detected by the KATA system.
• KATA. Top-10 AV detections — visualizes the 10 most common threats detected by the KATA anti-virus module.
• EDR. Top-10 MITRE technique detections — visualizes the 10 most common MITRE matrix techniques detected by the EDR system.
• EDR. Top-10 MITRE tactic detections — visualizes the 10 most common MITRE matrix tactics detected by the EDR system.

[OOTB] KSC

• KSC. Top-10 users with the most KAV alerts — visualizes the 10 most common user names present in events related to the detection of malicious software, information about which is contained in the KSC system.
• KSC. Top-10 most common threats — visualizes the 10 most common types of malware, information about which is contained in the KSC system.
• KSC. Number of devices that received AV database updates — visualizes the number of devices on which anti-virus database updates have been installed, information about which is contained in the KSC system.
• KSC. Number of devices on which the virus was found — visualizes the number of devices on which malware was detected, information about which is contained in the KSC system.
• KSC. Malware detections by hour — visualizes the distribution of the number of malware per hour, information about which is contained in the KSC system.

[OOTB] KSMG

• KSMG. Top-10 senders of blocked emails — visualizes the 10 most common senders of email messages blocked by the KSMG system.
• KSMG. Top-10 events by action — visualizes the 10 most common actions performed by the KSMG system.
• KSMG. Top-10 events by outcome — visualizes the 10 most common results of actions performed by the KSMG system.
• KSMG. Blocked emails by hour — visualizes the distribution of the number of email messages blocked by the KSMG system, by hour.

[OOTB] KWTS

• KWTS. Top-10 IP addresses with the most blocked web traffic — visualizes the 10 most common IP addresses from which traffic blocked by the KWTS system originated.
• KWTS. Top-10 IP addresses with the most allowed web traffic — visualizes the 10 most common IP addresses from which traffic allowed by the KWTS system originated.
• KWTS. Top 10 requests by client application — visualizes the 10 most common applications used to gain access to network resources, as detected by the KWTS system.
• KWTS. Top-10 blocked URLs — visualizes the 10 most common URLs from which traffic was allowed by the KWTS system.
• KWTS. System action types — visualizes the 10 most common actions performed by the KWTS system.
• KWTS. Top-10 users with the most allowed web traffic — visualizes the 10 most common user names of users whose traffic was allowed by the KWTS system.