Table 55-5 Custom Analysis Widget Presets
|
|
|
|
All Intrusion Events
|
Displays a graph of the total number of intrusion events on your monitored network over the dashboard time range.
|
Detailed Dashboard
Summary Dashboard
|
Protection
|
All Intrusion Events (Not Dropped)
|
Displays the most frequently occurring types of intrusion events, by classification, where the packet was not dropped as part of the event.
|
Detailed Dashboard
|
Protection
|
Allowed Connections by Application
|
Displays allowed application connections on your monitored network, grouped by application.
|
Application Statistics
|
FireSIGHT
|
Allowed Connections by Application Risk
|
Displays allowed application connections on your monitored network, grouped by application risk level.
|
Application Statistics
|
FireSIGHT
|
Allowed Connections by Business Relevance
|
Displays allowed application connections on your monitored network, grouped by estimated relevance to business activity.
|
Application Statistics
|
FireSIGHT
|
Allowed Connections by URL Category
|
Displays allowed application connections on your monitored network, grouped by URL category.
|
URL Statistics
|
URL Filtering
|
Allowed Connections by URL Reputation
|
Displays allowed application connections on your monitored network, grouped by URL reputation.
|
URL Statistics
|
URL Filtering
|
Allowed Connections by User
|
Displays allowed application connections on your monitored network, grouped by connecting user.
|
Access Controlled User Statistics
|
FireSIGHT
|
Application Protocols Introducing Malware
|
Displays the number of malware files transmitted over your network, grouped by the application protocol used to transmit the files.
|
Files Dashboard
|
Malware
|
Application Protocols Transferring Files
|
Displays the number of files transmitted over your network, grouped by the application protocol used to transmit the files.
|
Files Dashboard
|
Protection
|
Client Applications Introducing Malware
|
Displays the applications, or parent files, that accessed or created malware detected by FireAMP Connectors.
|
Files Dashboard
|
FireAMP subscription
|
Client Applications Transferring Files
|
Displays the applications, or parent files, that transmitted files over your network.
|
Files Dashboard
|
Protection
|
Clients
|
Displays clients on your monitored network, by type.
|
Detailed Dashboard
|
FireSIGHT
|
Connections by Application
|
Displays applications on your monitored network, based on the number of detected connections.
|
Connection Summary
|
FireSIGHT
|
Connections by Destination Continent
|
Displays continents to which connections were sent from your monitored network, based on the number of connections.
|
Connection Summary
|
FireSIGHT
|
Connections by Destination Country
|
Displays countries to which connections were sent from your monitored network, based on the number of connections.
|
Connection Summary
|
FireSIGHT
|
Connections by Initiator IP
|
Displays host IP addresses on your monitored network, based on the number of connections where that IP address on a host initiated the session.
|
Connection Summary
|
FireSIGHT
|
Connections by Port
|
Displays ports on your monitored network, based on the number of detected connections.
|
Connection Summary
|
FireSIGHT
|
Connections by Responder IP
|
Displays host IP addresses on your monitored network, based on the number of connections where the responder in that session was that IP address on a host. The output of this widget varies according to your connection logging configuration.
|
Connection Summary
|
FireSIGHT
|
Connections by Security Intelligence Category
|
Displays all connections monitored or blocked by Security Intelligence on your monitored network, grouped by Security Intelligence category.
|
Summary Dashboard
|
Protection
|
Connections by Source Continent
|
Displays continents communicating with your monitored network, based on the number of connections initiated from each continent.
|
Connection Summary
|
FireSIGHT
|
Connections by Source Country
|
Displays countries communicating with your monitored network, based on the number of connections initiated from each country.
|
Connection Summary
|
FireSIGHT
|
Connections by URL Category
|
Displays all application connections on your monitored network, grouped by URL category.
|
Summary Dashboard
|
URL Filtering
|
Connections by URL Reputation
|
Displays all application connections on your monitored network, grouped by URL reputation.
|
Summary Dashboard
|
URL Filtering
|
Connections over Time
|
Displays a graph of the total number of connections on your monitored network, over the dashboard time range.
|
Connection Summary
|
FireSIGHT
|
Denied Connections by Application
|
Displays denied connections on your monitored network, grouped by application.
|
Application Statistics
|
FireSIGHT
|
Denied Connections by URL Category
|
Displays denied connections on your monitored network, grouped by URL category.
|
URL Statistics
|
URL Filtering
|
Denied Connections by URL Reputation
|
Displays denied connections on your monitored network, grouped by URL reputation.
|
URL Statistics
|
URL Filtering
|
Denied Connections by User
|
Displays denied connections on your monitored network, grouped by connecting user.
|
Access Controlled User Statistics
|
FireSIGHT
|
Dropped Events by Application
|
Displays dropped intrusion events, grouped by application.
|
Application Statistics
|
Protection + FireSIGHT
|
Dropped Events by User
|
Displays dropped intrusion events, grouped by user.
|
Access Controlled User Statistics
|
Protection + FireSIGHT
|
Dropped Intrusion Events
|
Displays counts for intrusion events, by classification, where the packet was dropped.
|
Detailed Dashboard
Summary Dashboard
|
Protection
|
Dynamic Analysis Traffic by Device
|
Displays the most active devices, based on the size of the file data submitted to the Collective Security Intelligence Cloud for analysis.
|
Files Dashboard
|
Malware
|
Dynamic Analysis Traffic over Time
|
Displays the captured file data size submitted to the cloud for analysis over the dashboard time range.
|
Files Dashboard
|
Malware
|
File Actions
|
Displays the number of files transmitted over your network, grouped by the file rule actions used to handle the files.
|
Files Dashboard
|
Protection or Malware
|
File Categories
|
Displays the number of files transmitted over your network, grouped by file category.
|
Files Dashboard
|
Protection
|
File Dispositions
|
Displays the number of files detected in network traffic as a result of Malware Cloud Lookup file rules, grouped by malware disposition.
|
Files Dashboard
|
Malware
|
File Names
|
Displays the number of files transmitted over your network, grouped by file name.
|
Files Dashboard
|
Protection
|
File Storage by Device
|
Displays the devices that have stored the most file data.
|
Files Dashboard
|
Malware
|
File Storage by Disposition
|
Displays the size in kilobytes of file data stored on the device, based on file disposition.
|
Files Dashboard
|
Malware
|
File Storage by Type
|
Displays the size in kilobytes of file data stored on the device, based on file type.
|
Files Dashboard
|
Malware
|
File Storage over Time
|
Displays a graph of kilobytes of file data stored on managed devices over the dashboard time range.
|
Files Dashboard
|
Malware
|
File Transfers over Time
|
Displays a graph of the total number of file transfers detected in network traffic by the system, over the dashboard time range.
|
Files Dashboard
|
Protection
|
File Types
|
Displays the number of files transmitted over your network, grouped by file type.
|
Files Dashboard
|
Protection
|
File Types Infected with Malware
|
Displays the number of malware detected either in network traffic by the system or by FireAMP Connectors, grouped by file type.
|
Files Dashboard
|
Malware
|
Files Sent for Dynamic Analysis over Time
|
Displays a graph of the total number of files submitted for dynamic analysis, over the dashboard time range.
|
Files Dashboard
|
Malware
|
Files Stored over Time
|
Displays a graph of the total number of files stored on managed devices, over the dashboard time range.
|
Files Dashboard
|
Malware
|
Hosts Receiving Files
|
Displays the number of files received (downloaded) by host IP addresses on your network, grouped by IP address.
|
Files Dashboard
|
Protection
|
Hosts Receiving Malware
|
Displays the number of malware files received by host IP addresses on your network, grouped by IP address.
|
Files Dashboard
|
Malware license or FireAMP subscription
|
Hosts Sending Files
|
Displays the number of files sent (uploaded) from host IP addresses on your network, grouped by IP address.
|
Files Dashboard
|
Protection
|
Hosts Sending Malware
|
Displays the number of malware files sent from host IP addresses on your network, grouped by IP address.
|
Files Dashboard
|
Malware
|
Impact
X
Events by Application
|
Displays number of events of estimated impact level
X
(where
X
is a number 0-4), grouped by application.
|
Application Statistics
|
Protection + FireSIGHT
|
Impact Level
X
Events by Application Protocol
|
Displays number of events of estimated impact level
X
(where
X
is a number 1-2), grouped by application protocol.
|
Summary Dashboard
|
Protection + FireSIGHT
|
Impact Level
X
Events by User
|
Displays number of events of estimated impact level
X
(where
X
is a number 0-4), grouped by user.
|
Access Controlled User Statistics
|
Protection + FireSIGHT
|
Indications of Compromise by Host
|
Displays number of triggered indications of compromise, grouped by associated host IP address.
|
Summary Dashboard
|
FireSIGHT
|
Intrusion Events Requiring Analysis
|
Displays a count of intrusion events requiring analysis, based on event classification.
|
Detailed Dashboard
|
Protection + FireSIGHT
|
Intrusion Events by Destination Continent
|
Displays continents targeted by intrusion events, based on the number of events associated with each continent.
|
Summary Dashboard
|
FireSIGHT
|
Intrusion Events by Destination Country
|
Displays countries targeted by intrusion events, based on the number of events associated with each country.
|
Summary Dashboard
|
FireSIGHT
|
Intrusion Events by Source Continent
|
Displays continents where intrusion events originated, based on the number of events originated from each continent.
|
Summary Dashboard
|
FireSIGHT
|
Intrusion Events by Source Country
|
Displays countries where intrusion events originated, based on the number of events originated from each country.
|
Summary Dashboard
|
FireSIGHT
|
Intrusion Events to High Criticality Hosts
|
Displays intrusion events, based on the number of intrusion events occurring on high criticality hosts.
|
Detailed Dashboard
|
Protection + FireSIGHT
|
Malware Intrusions
|
Displays intrusion events, based on the number of intrusion events occurring in connections transmitting malware.
|
Files Dashboard
|
Malware
|
Malware Threats
|
Displays the number of malware threats detected either in network traffic by the system or by FireAMP Connectors, grouped by threat name.
|
Files Dashboard
|
Malware license or FireAMP subscription
|
New Indications of Compromise over Time
|
Displays a graph of new indications of compromise detected over the dashboard time range.
|
Summary Dashboard
|
FireSIGHT
|
Operating Systems
|
Displays operating systems, based on the number of hosts running each operating system within your network.
|
Detailed Dashboard
|
FireSIGHT
|
Possible Zero-Day Malware
|
Displays the captured files most likely to be zero-day malware, with a file disposition of unknown and either
High
or
Very High
threat scores, based on the number of times the file was seen.
|
Files Dashboard
|
Malware
|
Processes Introducing Malware
|
Displays the system processes that accessed or created malware detected by FireAMP Connectors.
|
Files Dashboard
|
Malware license or FireAMP subscription
|
Risky Applications with Low Business Relevance
|
Displays all application connections on your monitored network that have both high application risk level and low estimated business relevance.
|
Summary Dashboard
|
FireSIGHT
|
Servers
|
Displays servers, by number of hosts.
|
Detailed Dashboard
|
FireSIGHT
|
SSL Actions
|
Displays a count of the SSL rule actions taken on encrypted traffic, based on frequency.
|
Connection Summary
|
Any
|
SSL Certificate Status
|
Displays a count of the certificate statuses the system detected in SSL-encrypted sessions, based on frequency.
|
Connection Summary
|
Any
|
SSL Decryption Failure Reasons
|
Displays a count of the system’s reasons to improperly decrypt SSL-encrypted sessions, based on frequency.
|
Connection Summary
|
Any
|
SSL Sessions Decrypted over Time
|
Displays a graph of the number of SSL-encrypted sessions the system decrypted, over the dashboard time range.
|
Connection Summary
|
Any
|
SSL Sessions Not Decrypted over Time
|
Displays a graph of the number of SSL-encrypted sessions the system did not decrypt, over the dashboard time range.
|
Connection Summary
|
Any
|
SSL Sessions with Errors over Time
|
Displays a graph of the number of SSL-encrypted sessions the system detected that contained internal errors, over the dashboard time range.
|
Connection Summary
|
Any
|
Threat Detections over Time
|
Displays a graph of the total number of malware threats detected either in network traffic by the system or by FireAMP Connectors, over the dashboard time range.
|
Files Dashboard
|
Malware license or FireAMP subscription
|
Top Attackers
|
Displays attacking host IP addresses on your monitored network, based on the number of intrusion events where the listed IP address was the attacker in the connection that caused the event.
|
Summary Dashboard
|
Protection
|
Top Client Applications Seen
|
Displays client applications on your monitored network, based on total kilobytes of data transmitted by the client application.
|
Summary Dashboard
|
FireSIGHT
|
Top Operating Systems Seen
|
Displays operating systems on your monitored network, based on the number of network hosts with the operating system.
|
Summary Dashboard
|
FireSIGHT
|
Top Server Applications Seen
|
Displays server applications on your monitored network, based on the number of hosts running the service.
|
Summary Dashboard
|
FireSIGHT
|
Top Targets
|
Displays host IP addresses on your monitored network, based on the number of intrusion events where that address was targeted in the connection that caused the event.
|
Summary Dashboard
|
Protection
|
Top Threats
|
Displays the distribution of threat scores, based on the number of stored files with that threat score.
|
Files Dashboard
|
Malware
|
Top Web Applications Seen
|
Displays web applications on your monitored network, based on total kilobytes of data transmitted by the client application.
|
Summary Dashboard
|
FireSIGHT
|
Total Events by Application
|
Displays applications on your monitored network, based on the number of intrusion events generated by the application.
|
Application Statistics
|
Protection + FireSIGHT
|
Total Events by Application Protocol
|
Displays application protocols on your monitored network, based on the number of intrusion events associated with the application protocol.
|
Summary Dashboard
|
Protection + FireSIGHT
|
Total Events by User
|
Displays users on your monitored network, based on the number of intrusion events generated by each user’s activity.
|
Summary Dashboard
Access Controlled User Statistics
|
Protection + FireSIGHT
|
Traffic by Application
|
Displays applications on your monitored network, based on total kilobytes of data transmitted on your monitored network by the application over the dashboard time range.
|
Application Statistics
Connection Summary
Detailed Dashboard
|
FireSIGHT
|
Traffic by Application Category
|
Displays application categories on your monitored network, based on total kilobytes of data transmitted on your monitored network by applications in each category over the dashboard time range.
|
Application Statistics
Summary Dashboard
|
FireSIGHT
|
Traffic by Application Risk
|
Displays estimated risk levels of applications on your monitored network, based on total kilobytes of data transmitted on your monitored network by applications at each level over the dashboard time range.
|
Summary Dashboard
|
FireSIGHT
|
Traffic by Business Relevance
|
Displays estimated business relevance levels of applications on your monitored network, based on total kilobytes of data transmitted on your monitored network by applications at each level over the dashboard time range.
|
Summary Dashboard
|
FireSIGHT
|
Traffic by Destination Continent
|
Displays continents contacted from your monitored network, based on total kilobytes of data transmitted on your monitored network to each continent over the dashboard time range.
|
Connection Summary
|
FireSIGHT
|
Traffic by Destination Country
|
Displays countries contacted from your monitored network, based on total kilobytes of data transmitted on your monitored network to each country over the dashboard time range.
|
Connection Summary
|
FireSIGHT
|
Traffic by Initiator IP
|
Displays host IP addresses on your monitored network, based on total kilobytes of data transmitted on your monitored network from the IP address over the dashboard time range.
|
Connection Summary
Detailed Dashboard
|
FireSIGHT
|
Traffic by Initiator User
|
Displays users on your monitored network, based on total kilobytes of data received by the hosts where those users are logged in.
|
Detailed Dashboard
Summary Dashboard
|
FireSIGHT
|
Traffic by Port
|
Displays responder ports on your monitored network, based on total kilobytes of data transmitted on your monitored network via each port over the dashboard time range. The output of this widget varies according to your connection logging configuration.
|
Connection Summary
|
FireSIGHT
|
Traffic by Responder IP
|
Displays IP addresses on your monitored network, based on total kilobytes of data received by the IP addresses (on hosts) over the dashboard time range. The output of this widget varies according to your connection logging configuration.
|
Connection Summary
Detailed Dashboard
|
FireSIGHT
|
Traffic by Security Intelligence Category
|
Displays Security Intelligence categories on your monitored network, based on total kilobytes of data transmitted over connections in each category over the dashboard time range.
|
Summary Dashboard
|
Protection
|
Traffic by Source Continent
|
Displays continents transmitting data to your monitored network, based on total kilobytes of data on your monitored network transmitted from each continent over the dashboard time range.
|
Connection Summary
|
FireSIGHT
|
Traffic by Source Country
|
Displays countries transmitting data to your monitored network, based on total kilobytes of data on your monitored network transmitted from each country over the dashboard time range.
|
Connection Summary
|
FireSIGHT
|
Traffic by URL Category
|
Displays application URL categories on your monitored network, based on total kilobytes of data exchanged with URLs of each category over the dashboard time range.
|
URL Statistics
|
URL Filtering
|
Traffic by URL Reputation
|
Displays application URL reputation types on your monitored network, based on total kilobytes of data exchanged with URLs of each reputation over the dashboard time range.
|
URL Statistics
|
URL Filtering
|
Traffic by User
|
Displays users on your monitored network, based on total kilobytes of data exchanged by each user over the dashboard time range.
|
None
|
FireSIGHT
|
Traffic over Time
|
Displays a graph of total kilobytes of data transmitted on your monitored network over the dashboard time range.
|
Connection Summary
Detailed Dashboard
|
FireSIGHT
|
Unique Applications over Time
|
Displays a graph of total unique applications detected on your monitored network over the dashboard time range.
|
Application Statistics
Summary Dashboard
|
FireSIGHT
|
Unique Users over Time
|
Displays a graph of total unique users detected on your monitored network over the dashboard time range.
|
Access Controlled User Statistics
|
FireSIGHT
|
Users Affected by Malware
|
Displays the number of threats detected either in network traffic by the system or by FireAMP Connectors, grouped by user.
|
Files Dashboard
|
Malware + FireSIGHT, or FireAMP subscription
|
Users Transferring Files
|
Displays the number of files being transmitted over your network, grouped by sender.
|
Files Dashboard
|
Malware + FireSIGHT
|
Web Applications Introducing Malware
|
Displays web applications on your monitored network that accessed or created malware detected by FireAMP Connectors.
|
Files Dashboard
|
Malware license or FireAMP subscription
|
Web Applications Transferring Files
|
Displays the number of files transmitted over your network, grouped by the web application used to transmit the files.
|
Files Dashboard
|
Malware license or FireAMP subscription
|
White List Violations
|
Displays hosts with white list violations, by violation count.
|
Detailed Dashboard
|
FireSIGHT
|