Lesson 10: Dashboard reports
| Get a quick, graphical overview of current and recent system status. Learn to customize the information displayed. |
The charts and information areas on the tabs of the page offer a quick, graphical overview of current and recent system status and Internet activity.
Each dashboard tab displays a set of default charts, counters, and informational summaries.
- Elements can be added to or removed from the Risks, Usage, and System dashboards.
- Up to 12 elements can be displayed on each of these dashboards.
- When you click most charts and counters on these dashboards, an investigative report with more details is displayed.
- On all dashboards, many of the charts can be configured to include different time periods, show different sets of information (top 5, top 6-10, and so on), display in different formats
(stacked area chart, bar chart, multi-series line chart, and so on).
Other configuration options may be available, depending on the dashboard and element selected.
- Dashboard information is updated every 2 minutes.
In organizations that use delegated administration, the Super Administrator controls who can view charts on the dashboard. Access to the Threats dashboard is configured separately from access to the Risks, Usage, and System dashboards.
By default, the Forcepoint Security Manager times out after 22 minutes of inactivity. You must log on again to view dashboard updates, or to work in other pages.
Section 1: The Threats dashboard
Use the Threats dashboard to review information about suspicious activity in your network. This type of activity is often associated with advanced malware threats.
- You cannot add elements to, nor remove elements from, the Threats tab.
- Clicking a chart on the Threats dashboard modifies the information shown in the summary table at the bottom of the page. It does not open an investigative report.
The Threats dashboard includes the following:
| Dashboard Element | Description |
|---|---|
| Top Security Destinations |
Maps the countries associated with suspicious activity in your network. These may be countries hosting sites in threat- related categories, or countries to which malicious software in your network is attempting to send data. By default, the top 5 countries are shown. Click a highlighted country to show only traffic to that destination in the Suspicious Event Summary. |
| Severity Events by Type |
Charts the number of blocked requests for URLs in threat- related categories. By default, the top 5 most-requested categories are shown. Click a category in the chart to show only requests for that category in the Suspicious Event Summary. |
| Suspicious Event Summary |
Provides severity, user, machine, category, time, and direction information for Internet activity that may be related to an advanced malware threat. Click a severity, user name, IP address, or device name (provided by Content Gateway; not available in Forcepoint URL Filtering deployments) to open an Event Details page with more information about activity of the selected type. |
Filters at the top of the Threats dashboard can be used to limit the data shown on the page to a specific time period, severity level, or action (permitted or blocked).
The Suspicious Event Summary includes a Search box that can be used to further filter the data shown in the table.
Section 2: The Risks dashboard
Use the Risks dashboard to monitor permitted and blocked requests for URLs in the Security Risk class. By default, the following elements are displayed:
| Dashboard Element | Description |
|---|---|
| 30-Day Risk Trends | Shows blocked request trends for specific security and legal liability categories. Click a spark line to open the Threats dashboard or an investigative report (depending on category) with more information. |
| Clients with Security Risks | Shows which computers have been used to access Security Risk sites. You may want to check these machines to make sure they are not infected with any viruses or spyware. |
| Top Security Risk Categories |
Shows which Security Risk categories have received the most requests. Security Risk is a risk class: a grouping of categories with similar characteristics. Security Risk categories include Phishing, Spyware, and Hacking, among others. |
| Risk Classes | Shows how many requests to each risk class (Security Risk, Legal Liability, Productivity, Business Usage, Network Bandwidth Loss) have been permitted and blocked. |
| Top Uncategorized | Shows which URLs not categorized by the Forcepoint URL Database have been accessed most. Go to the page to assign a URL to a category. |
| Analytics: Security Risks | (Forcepoint Web Security only) Shows how many requests were assigned to new categories by Content Gateway analysis because the content had been changed or the site was compromised. |
Section 3: The Usage dashboard
The Usage dashboard shows general Internet activity trends for your organization. By default, the following elements are displayed:
| Dashboard Element | Description |
|---|---|
| Top Blocked Users | Shows which users have requested the most blocked URLs. |
| Top Requested Categories | Shows the categories that are being accessed most to provide a high-level overview of potential security, bandwidth, or productivity concerns. |
| Enforcement Summary | An overview of recently permitted requests, blocked requests for sites in the Security Risk class, and other blocked requests. |
| Web 2.0 Categories | (Forcepoint Web Security only) Shows the top categories assigned to requested Web 2.0 URLs, measured by requests. |
|
Web 2.0 URL Bandwidth |
(Forcepoint Web Security only) Shows the Web 2.0 URLs using the most bandwidth. |
| Analytics: Top Categories | (Forcepoint Web Security only) Shows the top categories to which requested URLs were assigned after Content Gateway analysis determined that they no longer fit their original category |
Section 4: The System dashboard
The System dashboard displays general health and status information about your so deployment. By default, the following elements are displayed:
| Dashboard Element | Description |
|---|---|
| Health Alert Summary | Provides brief status or error messages for system components. Click a message to view a more detailed alert and find solutions. |
| User Activity: Zoom Trend | Shows the volume of Internet requests processed into the Log Database. The unit of measurement depends on the period shown in the chart. By default, activity is shown in 3 hour and 30 minute intervals. |
| Protocol Bandwidth Use | Shows which protocols (like HTTP, SMTP, BitTorrent, or Spotify) are using the most bandwidth. |
| Filtering Service Status | Lists the status of each Filtering Service associated with the current Policy Server |
| Hybrid Bandwidth Summary | (Forcepoint Web Security only; requires the Forcepoint Web Security Hybrid Module) Shows the bandwidth consumed by Internet requests from users whose requests are managed by the hybrid service |
| Hybrid Requests Processed | (TForcepoint Web Security only; requires the orcepoint Web Security Hybrid Module) Shows how many Internet requests made by users from your organization were permitted and blocked by the hybrid service. |
Exercise: Customize the Risks, Usage, and System tabs
Administrators with permission to view charts on the dashboard can customize which charts appear or the Risks, Usage, and System tabs.
- Navigate to the Risks, Usage, or System tab of the dashboard, then click Add Chart in the toolbar at the top of the page.
The customize page lists the available dashboard elements. A blue circle marks the charts and other elements (counters, summaries) that currently appear on the selected tab.
There are 2 charts listed that do not appear by default on any tab:
- 30-Day Value Estimates gives estimates of time and bandwidth savings afforded by your web protection software over a 30-day period that includes today.
- Activity Today provides examples of how your software has protected your network, the total number of requests handled so far today, the number of requests blocked, and the number of real-time database updates processed.
- Select a tab from the Add elements to tab drop down list.
- Select an element (chart, counter, summary) from the Dashboard Elements list.
- Each tab can show a maximum of 12 elements.
- Elements currently displayed on the selected tab are marked by a blue circle icon.
- You can add multiple copies of the same element to a tab (for example, each might show a different time period).
- The selected element appears in the Preview pane. Optionally update the chart Name, then update any of the following that are available:
- Chart type: Many charts can be displayed as a multi-series bar, column, or line chart, or as a stacked area or column chart. Some can be displayed as bar, line, or pie charts. Which types are available depends on the data being displayed.
- Time period: Most charts can display a variable time period from Today (the 24-hour period beginning at midnight of the current day) to 30 days or longer (as configured by a Super Administrator on the page).
- Top: Charts displaying information about the top users, categories, URLs, and so on can typically display up to 5 values. Select whether to show the top 5 values, 6-10 values, 11-15 values, or 16-20 values.
For some elements, only the name can be customized.
- Click OK to implement the changes and return to the Dashboard page.