Viewing the dashboards

Protegrity provides Insight Dashboard that help analyze data and operations performed. Use the graphs and heat maps to visualize the logs in the Audit Store.

The dashboards are build using visualization. Use the information from Viewing visualizations to customize and build dashboards.

Note: Do not clone, delete, or modify the configuration or details of the dashboards that are provided by Protegrity. To create a customized dashboard, first clone and customize the required visualizations, then create a dashboard, and place the customized visualizations on the dashboard.

To view a dashboard:

  1. Log in to the Insight Dashboard.

  2. From the navigation panel, click Dashboards.

  3. Click the dashboard.

Viewing the Security Operation Dashboard

The security operation dashboard displays the counts of individual and total number of security operations for successful and unsuccessful operations. The Security Operation Dashboard has a table and pie charts that summarizes the security operations performed by a specific data store, protector family, and protector vendor. This dashboard shows different visualizations for the Successful Security Operations, Security Operations, Reprotect Counts, Successful Security Operation Counts, Security Operation Counts, Security Operation Table, and Unsuccessful Security Operations.

Note: This dashboard must not be deleted.

The dashboard has the following panels:

  • Total Security Operations: Displays pie charts for for the successful and unsuccessful security operations:
    • Successful: Total number of security operations that succeeded.
    • Unsuccessful: Total number of security operations that was unsuccessful.
  • Successful Security Operations: Displays pie chart for the following security operation:
    • Protect: Total number of protect operations.
    • Unprotect: Total number of unprotect operations.
    • Reprotect: Total number of reprotect operations.
  • Unsuccessful Security Operations: Displays pie chart for the following security operation:
    • Error: Total number of operations that were unsuccessful due to an error.
    • Warning: Total number of operations that were unsuccessful due to a warning.
    • Exception: Total number of operations that were unsuccessful due to an exception.
  • Total Security Operation Values: Displays the following information
    • Successful - Count: Total number of security operations that succeeded.
    • Unsuccessful - Count: Total number of security operations that were unsuccessful.
  • Successful Security Operation Values: Displays the following information:
    • Protect - Count: Total number of protect operations.
    • Unprotect - Count: Total number of unprotect operations.
    • Reprotect - Count: Total number of reprotect operations.
  • Unsuccessful Security Operation Values: Displays the following information:
    • ERROR - Count: Total number of error logs.
    • WARNING - Count: Total number of warning logs.
    • EXCEPTION - Count: Total number of exception logs.
  • Security Operation Table: Displays the number of security operations done for a data store, protector family, protector vendor, and protector version.
  • Unsuccessful Security Operations: Displays a list of unsuccessful security operations with details, such as, time, data store, protector family, protector vendor, protector version, IP, hostname, level, count, description, and source.

Viewing the Feature Usage Dashboard

The dashboard displays information about the Anonymization and Data Discovery features.

Note: This dashboard must not be deleted.

The dashboard has the following panels:

  • Anonymization Information: Displays the job id, job status, total data processed in MB, and the data anonymized in MB.
  • Data Discovery Information: Displays the status code, number of operations performed, and the sensitive data identified in MB.

Viewing the Protector Inventory Dashboard

The protector inventory dashboard displays protector details connected to the cluster through pie charts and tables. This dashboard has the Protector Details, Protector Families, Protector Vendor, Protector Version, Protector Core Version, and Protector Pcc Version visualizations. It is useful for understanding information about the installed Protectors.

Only protectors that perform security operations show up on the dashboard.

Note: This dashboard must not be deleted.

The dashboard has the following panels:

  • Protector Details: Displays the list of protectors installed with information, such as, Protector Family, Protector Vendor, Protector Version, PCC Version, Protector Core Version, and Deployment count. The Deployment count is based on the number of unique IPs. Updating the IP address of the Protector will consider both the old and new entries for the protector.
  • Protector Families: Displays pie chart with protector family information.
  • Protector Vendor: Displays pie chart with protector vendor information.
  • Protector Version: Displays pie chart with protector version information.
  • Protector Core Version: Displays pie chart with protector core version information.
  • Protector Pcc Version: Displays pie chart with protector Pcc version information.

Viewing the Protector Operation Dashboard

The protector operation dashboard displays protector details connected to the cluster through tables. This dashboard has the Protector Count and Protector List tables. It is useful for understanding information about the operations performed by the Protectors.

Only protectors that perform security operations show up on the dashboard. Updating the IP address or the hostname of the Protector shows the old and new entry for the protector.

Note: This dashboard must not be deleted.

The dashboard has the following panels:

  • Protector Count: Displays the deployment count and operations performed for each Protector Family and Protector Vendor combination.
  • Protector List: Displays the list of protection operations with information, such as, Protector Vendor, Protector Family, Protector Version, Protector IP, Hostname, Core Version, Pcc Version, and URP operations performed.

Viewing the Protector Status Dashboard

The protector status dashboard displays the protector connectivity status through a pie chart and a table visualization. This information is available only for v10.0.0 and later protectors. Logs from earlier protector versions are not available for the dashboards due to differences between the log formats. It is useful for understanding information about the installed v10.0.0 protectors. This dashboard uses status logs sent by the protector, so the protector which performed at least one security operation shows up on this dashboard. A protector is shown in one of the following states on the dashboard:

  • OK: The latest logs are sent from the protector to the Audit Store within the last 15 minutes.
  • Warning: The latest logs sent from the protector to the Audit Store in the last 15 and 60 minutes.
  • Error: The latest logs sent from the protector to the Audit Store are more than 60 minutes.

Updating the IP address or the hostname of the protector shows the old and new entry for the protector.

Note: This dashboard shows the v10.0.0 protectors that are connected to the cluster. This dashboard must not be deleted.

The dashboard has the following panels:

  • Connectivity Status: Displays a pie chart of the different states with the number of protectors that are in each state.
  • Protector Status: Displays the list of protectors connectivity status with information, such as, Datastore, Node IP, Hostname, Protector Platform, Core Version, Protector Vendor, Protector Family, Protector Version, Status, and Last Seen.

Viewing the Policy Status Dashboard

The policy status dashboard displays the Policy and Trusted Application connectivity status with respective to a DataStore. The status information, on this dashboard, is updated every 10 minutes. It is useful to understand deployment of the DataStore on all protector nodes. This dashboard displays the Policy deploy Status, Trusted Application deploy status, Policy Deploy details, and Trusted Application details visualizations. This information is available only for v10.0.0 and later protectors.

The policy status logs are sent to Insight. These logs are stored in the policy status index that is pty_insight_analytics_policy. The policy status index is analyzed using the correlation ID to identify the unique policies received by the Audit Store. The time duration and the correlation ID are then analyzed for determining the policy status.

The dashboard uses status logs sent by the protectors about the deployed policy, so the Policy or Trusted Application used for at least one security operation shows up on this dashboard. A Policy and Trusted Application can be shown in one of the following states on the dashboard:

  • OK: The latest correlation value of the logs sent for the Policy or Trusted Application to the Audit Store are within the last 15 minutes.
  • Warning: The latest correlation value of the logs sent for the Policy or Trusted Application to the Audit Store are more than 15 minutes.

Note: This dashboard must not be deleted.

The dashboard has the following panels:

  • Policy Deploy Status: Displays a pie chart of the different states with the number of policies that are in each state.
  • Trusted Application Status: Displays a pie chart of the different states with the number of trusted applications that are in each state.
  • Policy Deploy Details: Displays the list of policies and details, such as, Datastore Name, Node IP, Hostname, Last Seen, Policy Status, Process Name, Process Id, Platform, Core Version, PCC Version, Vendor, Family, Version, Deployment Time, and Policy Count.
  • Trusted Application Details: Displays the list of policies for Trusted Applications and details, such as, Datastore Name, Node IP, Hostname, Last Seen, Policy Status, Process Name, Process Id, Platform, Core Version, PCC Version, Vendor, Family, Version, Authorize Time, and Policy Count.

Data Element Usage Dashboard

The dashboard shows the security operation performed by users according to data elements. It displays the top 10 data elements used for the top five users.

The following visualizations are displayed on the dashboard:

  • Data Element Usage Intensity Of Users Per Protect operation
  • Data Element Usage Intensity Of Users Per Unprotect operation
  • Data Element Usage Intensity Of Users Per Reprotect operation

Sensitive Activity Dashboard

The dashboard shows the daily count of security events by data elements for specific time period.

The following visualization is displayed on the dashboard:

  • Sensitive Activity By Date

Server Activity Dashboard

The dashboard shows the daily count of all events by servers for specific time period. The older Audit index entries are not displayed on a new installation.

The following visualizations are displayed on the dashboard:

  • Server Activity of Troubleshooting Index By Date
  • Server Activity of Policy Logs Index By Date
  • Server Activity of Audit Index By Date

High & Critical Events Dashboard

The dashboard shows the daily count of system events of high and critical severity for selected time period. The older Audit index entries are not displayed on a new installation.

The following visualizations are displayed on the dashboard:

  • System Report - High & Critical Events of Troubleshooting Index
  • System Report - High & Critical Events of Policy Logs Index
  • System Report - High & Critical Events of Older Audit Indices

The System Report - High & Critical Events of Older Audit Indices graph is for legacy protectors.

Signature Verification Dashboard

Logs are generated on the protectors. The log is then processed using the signature key and a hash value, and a checksum is generated for the log entry. The hash and the checksum is sent to Insight for storage and further processing. When the log entry is received by Insight, a check can be performed when the signature verification job is executed to verify the integrity of the logs.

The log entries having checksums are identified. These entries are then processed using the signature key and the checksum received in the log entry from the protector is checked. If both the checksum values match, then the log entry has not been tampered with. If a mismatch is found, then it might be possible that the log entry was tampered or there is an issue receiving logs from a protector. These can be viewed on the Discover screen by using the logtype:verification search criteria.

When the signature verification for an audit log fails, the failure logs are logged in Insight.

The following information is displayed on the dashboard:

  • Time: Displays the date and time.
  • Name: Displays the unique name for the signature verification job.
  • Indexes: Displays the list of indexes on which the signature verification job runs.
  • Query: Displays the signature verification query.
  • Pending: Displays the number of logs pending for signature verification.
  • Processed: Displays the current number of logs processed.
  • Not-Verified: Displays the number of logs that could not be verified. Only protection logs are verified.
  • Success: Displays the number of verifiable logs where signature verification succeeded.
  • Failed: Displays the number of verifiable logs where signature verification failed.
  • State: Displays the job status.

Support Logs Dashboard

The dashboard shows support logs required by support for troubleshooting. Filter the logs displayed using the Level, Pod, Container, and Namespace list.

Unauthorized Access Dashboard

The dashboard shows the cumulative counts of unauthorized access and activity by users into Protegrity appliances and protectors.

The following visualization is displayed on the dashboard:

  • Unauthorized Access By Username

User Activity Dashboard

The dashboard shows the cumulative transactions performed by users over a date range.

The following visualization is displayed on the dashboard:

  • User Activity Across Date Range

Last modified : April 09, 2026