This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Security Operations SIEM: Step 4 - Custom Dashboards

2 weeks ago

jstoner
Staff
0 0 36

Table of Contents

Below you'll find a table of contents for the Custom Dashboards journey.

siem-custom-dashboards.png

Custom dashboard allow SecOps teams and team members to prioritize the informational views and data they see. This allows organizations, teams, and individuals to customize their interaction with SecOps to their role. Custom dashboards are not a requirement for product use, but greatly enhance the user experience. Dashboards should be tailored to the role of the user, and modified as workflows change.

Prerequisites

  • Entitlement for SecOps SIEM on the account and project.

Actions

siem-custom-dashboards-import-export-dashboard.png

Import/Export Dashboard

Dashboards can be imported and exported to allow for sharing between users and teams.

Show More
Prerequisites

See the Relevant Links section for more documentation regarding the prerequisites.

  • A dashboard file to Import
  • A dashboard created to Export
Steps

  1. In Chronicle UI, click Dashboards

  2. Click Menu next to the dasboard that you want to export.

  3. Select Export from the list, the Export dashboard dialog box will appear.

  4. Click Export

  5. In Chronicle UI, click Dashboards

  6. Click Add, next to personal or shared dashboards, then select Import dashboard.

  7. Select a dashboard file, then click Confirm.

  8. Click Import

Relevant Links
siem-custom-dashboards-create-custom-dashboard.png
Create Custom Dashboard

Custom Dashboards are a great way to provide specific insights into the data. You add tiles to the dashboard that display the visualizations, text, or buttons necessary for the context in which you are monitoring or responding to.

Show More
Prerequisites

See the Relevant Links section for more documentation regarding the prerequisites.

  • Administrative Access to SecOps SIEM
Steps

  1. In the Chronicle UI, click Dashboards.

  2. Under Personal Dashboards or Shared Dashboards, click Add > Create New.

  3. Click Edit Dashboard, then give it a name.

  4. Add a tile (or multiple tiles) to the dashboard. | Docs

    1. Create a new blank tile

    2. Duplicate an existing tile

    3. Edit an existing tile

  5. Click Save.

Relevant Links
siem-custom-dashboards-schedule-reports.png
 Schedule Reports

Having a report scheduled to run at a specific time can be a great way to keep up with the data that is important to you and your organization.

Show More
Prerequisites

See the Relevant Links section for more documentation regarding the prerequisites.

  • Administrative access or editor rights inside of SecOps are necessary to schedule reports.
Steps

  1. In the Chronicle UI, click Dashboards & Reports > SIEM Dashboards.

    1. Note: If you're just a SIEM customer, just click Dashboards.

  2. From the list of default and personal dashboards, select the dashboard for which you want to schedule report delivery.

  3. Click the 3 vertical ellipses from the top right of the page and select Schedule Delivery.

  4. In the Schedule Delivery dialog, fill out the following details in the Settings tab:

    1. Name

    2. Recurrence Day/Data and Time

    3. Email addresses for recipients (comma seppparated)

    4. In the Format list, select the CSV, PDF, or PNG file to format for the report.

  5. On the Filters tab, specify the time period for the report

    1. Click the Time field and select the filter conditions

    2. Add more time filters by clicking the Add icon

  6. On the Advanced options tab, select the paginate options for the email"

  7. Click Save

Relevant Links
Contributors
0 Likes
Version history
Last update:
2 weeks ago
Updated by: