Working with Protegrity dashboards

Protegrity provides dashboards that help analyze data and operations performed. Use the graphs and heat maps to visualize the logs in the Audit Store.

The configuration of dashboards created in earlier versions of the Audit Store Dashboards is retained after the ESA is upgraded. Protegrity provides default dashboards with version 10.0.0. If the title of an existing dashboard matches a new dashboard provided by Protegrity, then a duplicate entry is visible. Use the date and time stamp to identify and rename the earlier dashboards.

Do not delete or modify the configuration or details of the new dashboards provided by Protegrity.

To view a dashboard:

  1. Log in to the ESA.

  2. Navigate to Audit Store > Dashboard.

  3. From the navigation panel, click Dashboards.

  4. Click the dashboard.

Viewing the Security Operation Dashboard

The Security Operation Dashboard displays the individual and total counts of successful and unsuccessful security operations. It has a table and pie charts that summarize the security operations performed by a specific data store, protector family, and protector vendor. This dashboard shows different visualizations for the Successful Security Operations, Security Operations, Reprotect Counts, Successful Security Operation Counts, Security Operation Counts, Security Operation Table, and Unsuccessful Security Operations.

This dashboard cannot be deleted. The dashboard is shown in the following figure.

The figure shows the Security Operation Dashboard.

The dashboard has the following panels:

  • Total Security Operations: Displays pie charts for the successful and unsuccessful security operations:
    • Successful: Total number of security operations that succeeded.
    • Unsuccessful: Total number of security operations that were unsuccessful.
  • Successful Security Operations: Displays a pie chart for the following security operations:
    • Protect: Total number of protect operations.
    • Unprotect: Total number of unprotect operations.
    • Reprotect: Total number of reprotect operations.
  • Unsuccessful Security Operations: Displays a pie chart for the following security operations:
    • Error: Total number of operations that were unsuccessful due to an error.
    • Warning: Total number of operations that were unsuccessful due to a warning.
    • Exception: Total number of operations that were unsuccessful due to an exception.
  • Total Security Operation Values: Displays the following information:
    • Successful - Count: Total number of security operations that succeeded.
    • Unsuccessful - Count: Total number of security operations that were unsuccessful.
  • Successful Security Operation Values: Displays the following information:
    • Protect - Count: Total number of protect operations.
    • Unprotect - Count: Total number of unprotect operations.
    • Reprotect - Count: Total number of reprotect operations.
  • Unsuccessful Security Operation Values: Displays the following information:
    • ERROR - Count: Total number of error logs.
    • WARNING - Count: Total number of warning logs.
    • EXCEPTION - Count: Total number of exception logs.
  • Security Operation Table: Displays the number of security operations done for a data store, protector family, protector vendor, and protector version.
  • Unsuccessful Security Operations: Displays a list of unsuccessful security operations with details such as time, data store, protector family, protector vendor, protector version, IP, hostname, level, count, description, and source.

Viewing the Protector Inventory Dashboard

The Protector Inventory Dashboard uses bar graphs and tables to display details of the protectors connected to the ESA. This dashboard has the Protector Family, Protector Version, Protector Count, and Protector List visualizations. It is useful for understanding information about the installed protectors.

Only protectors that perform security operations show up on the dashboard. Updating the IP address or the host name of the Protector shows the old and new entry for the protector.

This dashboard cannot be deleted. The dashboard is shown in the following figure.

The figure shows the Protector Inventory Dashboard.

The dashboard has the following panels:

  • Protector Family: Displays bar charts with information for the protector family based on the installation count of the protector.
  • Protector Version: Displays bar charts with information of the protector version based on the installation count of the protector.
  • Protector Count: Displays the count of the deployed protectors for the corresponding Protector Family, Protector Vendor, and Protector Version.
  • Protector List: Displays the list of installed protectors with information such as Protector Vendor, Protector Family, Protector Version, Protector IP, Hostname, Core Version, PCC Version, and URP count. The URP shows the security operations performed, that is, the unprotect, reprotect, and protect operations.

Viewing the Protector Status Dashboard

The Protector Status Dashboard displays the protector connectivity status through a pie chart and a table visualization. This information is available only for v10.0.0 protectors. It is useful for understanding information about the installed v10.0.0 protectors. This dashboard uses status logs sent by the protector, so a protector that has performed at least one security operation shows up on this dashboard. A protector is shown in one of the following states on the dashboard:

  • OK: The latest logs were sent from the protector to the ESA within the last 15 minutes.
  • Warning: The latest logs were sent from the protector to the ESA between 15 and 60 minutes ago.
  • Error: The latest logs were sent from the protector to the ESA more than 60 minutes ago.

Updating the IP address or the host name of the protector shows the old and new entry for the protector.
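The state rules above can be reproduced outside the dashboard, for example to alert on protectors that stop reporting. The following is an added example, not Protegrity code: the record field names (`hostname`, `ip`, `time`), the sample records, and the treatment of the exact 15 and 60 minute boundaries are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Thresholds taken from the state definitions above.
OK_WINDOW = timedelta(minutes=15)
WARNING_WINDOW = timedelta(minutes=60)

def classify(last_seen, now):
    """Map the age of a protector's latest log to a dashboard state."""
    age = now - last_seen
    if age < timedelta(0):
        raise ValueError("last_seen is in the future; check clock sync")
    if age <= OK_WINDOW:          # boundary inclusivity is an assumption
        return "OK"
    if age <= WARNING_WINDOW:
        return "Warning"
    return "Error"

def protector_status(logs, now):
    """Reduce status logs to one state per (hostname, ip) entry.
    Keying on both values mirrors the note above: after an IP address or
    host name change, the old and the new entry both appear."""
    latest = {}
    for rec in logs:
        key = (rec["hostname"], rec["ip"])
        seen = datetime.fromisoformat(rec["time"])
        if key not in latest or seen > latest[key]:
            latest[key] = seen
    return {key: classify(seen, now) for key, seen in latest.items()}

def stale_entries(status):
    """Entries worth investigating: anything not currently OK."""
    return sorted(key for key, state in status.items() if state != "OK")

# Constructed sample records; the field names are hypothetical.
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_LOGS = [
    {"hostname": "app01", "ip": "10.0.0.11", "time": "2024-05-01T11:20:00+00:00"},
    {"hostname": "app01", "ip": "10.0.0.11", "time": "2024-05-01T11:50:00+00:00"},
    {"hostname": "db01", "ip": "10.0.0.21", "time": "2024-05-01T11:30:00+00:00"},
    # db02 changed IP: the old entry goes stale, the new one reports normally.
    {"hostname": "db02", "ip": "10.0.0.22", "time": "2024-05-01T10:00:00+00:00"},
    {"hostname": "db02", "ip": "10.0.0.32", "time": "2024-05-01T11:58:00+00:00"},
]

if __name__ == "__main__":
    for key, state in sorted(protector_status(SAMPLE_LOGS, NOW).items()):
        print(key, state)
```

An Error entry that shares a host name with an OK entry is usually the leftover of an address change rather than a failed protector, so compare both before escalating.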

This dashboard shows the v10.0.0 protectors that are connected to the ESA. The status of earlier protectors is available by logging into the ESA and navigating to Policy Management > Nodes.

This dashboard cannot be deleted. The dashboard is shown in the following figure.

The figure shows the Protector Status Dashboard.

The dashboard has the following panels:

  • Connectivity status pie chart: Displays a pie chart of the different states with the number of protectors that are in each state.
  • Protector Status: Displays the connectivity status of the protectors with information such as Datastore, Node IP, Hostname, Protector Platform, Core Version, Protector Vendor, Protector Family, Protector Version, Status, and Last Seen.

Viewing the Policy Status Dashboard

The Policy Status Dashboard displays the Policy and Trusted Application connectivity status with respect to a DataStore. It is useful for understanding the deployment of the DataStore on all protector nodes. This dashboard displays the Policy Deploy Status, Trusted Application Deploy Status, Policy Deploy Details, and Trusted Application Details visualizations. This information is available only for v10.0.0 protectors.

The policy status logs are sent to the Audit Store. These logs are stored in the policy status index, that is, pty_insight_analytics_policy. The policy status index is analyzed using the correlation ID to identify the unique policies received by the ESA. The time duration and the correlation ID are then analyzed to determine the policy status.

The dashboard uses status logs sent by the protectors about the deployed policy, so the Policy or Trusted Application used for at least one security operation shows up on this dashboard. A Policy and Trusted Application can be shown in one of the following states on the dashboard:

  • OK: The latest correlation value of the logs sent for the Policy or Trusted Application to the ESA is within the last 15 minutes.
  • Warning: The latest correlation value of the logs sent for the Policy or Trusted Application to the ESA is more than 15 minutes old.

This dashboard cannot be deleted. The dashboard is shown in the following figure.

The figure shows the Policy Status Dashboard.

The dashboard has the following panels:

  • Policy Deploy Status: Displays a pie chart of the different states with the number of policies that are in each state.
  • Trusted Application Status: Displays a pie chart of the different states with the number of trusted applications that are in each state.
  • Policy Deploy Details: Displays the list of policies and details such as Datastore Name, Node IP, Hostname, Last Seen, Policy Status, Process Name, Process Id, Platform, Core Version, PCC Version, Vendor, Family, Version, Deployment Time, and Policy Count.
  • Trusted Application Details: Displays the list of policies for Trusted Applications and details such as Datastore Name, Node IP, Hostname, Last Seen, Policy Status, Process Name, Process Id, Platform, Core Version, PCC Version, Vendor, Family, Version, Authorize Time, and Policy Count.

Data Element Usage Dashboard

The dashboard shows the security operations performed by users according to data elements. It displays the top 10 data elements used for the top five users.

The following visualizations are displayed on the dashboard:

  • Data Element Usage Intensity Of Users per Protect operation
  • Data Element Usage Intensity Of Users per Unprotect operation
  • Data Element Usage Intensity Of Users per Reprotect operation

The dashboard is displayed in the following figure. The figure shows the Data Element Usage Dashboard.

Sensitive Activity Dashboard

The dashboard shows the daily count of security events by data elements for a specific time period.

The following visualization is displayed on the dashboard:

  • Sensitive Activity By Date

The dashboard is displayed in the following figure. The figure shows the Sensitive Activity Dashboard.

Server Activity Dashboard

The dashboard shows the daily count of all events by servers for a specific time period. The older Audit index entries are not displayed on a new installation.

The following visualizations are displayed on the dashboard:

  • Server Activity of Troubleshooting Index By Date
  • Server Activity of Policy Index By Date
  • Server Activity of Audit Index By Date
  • Server Activity of Older Audit Index By Date

The dashboard is displayed in the following figure. The figure shows the Server Activity Dashboard.

High & Critical Events Dashboard

The dashboard shows the daily count of system events of high and critical severity for the selected time period. The older Audit index entries are not displayed on a new installation.

The following visualizations are displayed on the dashboard:

  • System Report - High & Critical Events of Troubleshooting Index
  • System Report - High & Critical Events of Policy Index
  • System Report - High & Critical Events of Older Audit Index

The dashboard is displayed in the following figure. The figure shows the High & Critical Events Dashboard.

Unauthorized Access Dashboard

The dashboard shows the cumulative counts of unauthorized access and activity by users into Protegrity appliances and protectors.

The following visualization is displayed on the dashboard:

  • Unauthorized Access By Username

The dashboard is displayed in the following figure. The figure shows the Unauthorized Access Dashboard.

User Activity Dashboard

The dashboard shows the cumulative transactions performed by users over a date range.

The following visualization is displayed on the dashboard:

  • User activity across Date range

The dashboard is displayed in the following figure. The figure shows the User Activity Dashboard.