This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

How to create customize dashleta?

RSAAdmin
Beginner
Beginner

‎2014-05-10 05:25 AM

We have created many graphical dashboard in envision like top 10 denied connection to critical system, failed login to critical system using custom query and many more dashboard.
Now want to create it in SA.

I have tried to modify default dashlet (investigation top value) in SA but it is giving me only one meta value and count in tabular format. We required it graphical way.

Also I cannot run custom query in it.

Like: select metavalue name from table name where condition

 

Kindly assist me

0 Likes
6 REPLIES 6

huanzhou1
Beginner
Beginner

‎2014-05-10 09:37 PM

there is a dashlet called Investigation Top Values, you can input your query.

0 Likes

RSAAdmin
Beginner
Beginner
In response to huanzhou1

‎2014-05-10 11:56 PM

it will not give me graphical out put like bar,pi chart

could u pls give me sample query.

0 Likes

huanzhou1
Beginner
Beginner
In response to RSAAdmin

‎2014-05-11 11:52 AM

you can use "Reporting Realtime Chart" which actual refer to the rules which you create the chart.

0 Likes

Anonymous
Not applicable
In response to RSAAdmin

‎2014-05-13 01:07 PM

What you are going to want is a realtime chart that is summarizing your data.  I will give you an example that we are using currently.  We have an app rule that is catching any url that has admin in it on our hosted sites.  The rule in the reporting engine is now looking for that app rule while the country exists and is not the united states. 

 

Select ip.src

Where alert = 'cocc_admin_web_page' && country.src != 'united states' && country.src exists

aggregate and I don't put a restriction on max results.

 

When making the chart have it point to that rule and limit it to ten.  And have it update at what ever interval you want. 

 

 

Add a new dashlet for a realtime chart.

 

Point that chart to the newly created one.  Have it summarize the data for however many hours you want.    I find that a pie chart tends to render better. 

 

RSA.PNG.png

RSAAdmin
Beginner
Beginner
In response to Anonymous

‎2014-05-15 01:01 AM

thanks, i tried it. but complete one day data is populating in chart.

 

i require only last one hour data and refresh it every 5 minuet.

 

I set refresh interval 5 minuet.

0 Likes

huanzhou1
Beginner
Beginner
In response to RSAAdmin

‎2014-05-15 09:05 AM

you can choose past hours = 1

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.