Out-of-the-box visualizations

Use the visualizations provided by Protegrity to create dashboards. Alternatively, use the configuration provided here as a template to create sample visualizations for viewing the information logged.

The configuration of visualizations created in earlier versions of the Audit Store Dashboards is retained after the ESA is upgraded. Protegrity provides default visualizations with version 10.0.0. If the title of an existing visualization matches a new visualization provided by Protegrity, then a duplicate entry is visible. Use the date and time stamp to identify and rename the existing visualizations.

Do not delete or modify the configuration or details of the new visualizations provided by Protegrity.

Activity by data element usage count

Description: This graph displays the security operation count for each data element.

  • Type: Vertical Bar
  • Configuration:
    • Index: pty_insight_*audit_*
    • Metrics: Y-axis: Count
    • Buckets:
      • X-axis
        • Aggregation: Terms
        • Field: protection.dataelement.keyword
        • Order by: Metric:Count
        • Order: Descending
        • Size: 10
        • Custom label: Data Elements
      • Split series
        • Sub aggregation: Terms
        • Field: protection.operation.keyword
        • Order by: Metric:Count
        • Order: Descending
        • Size: 10

All activity by date

Description: This chart displays the trend of all logs by date.

  • Type: Line
  • Configuration:
    • Index: pty_insight_*audit_*
    • Metrics: Y-axis: Count
    • Buckets:
      • X-axis
        • Aggregation: Date Histogram
        • Field: origin.time_utc
        • Minimum interval: Auto

Application protector audit report

Description: This report uses AP Python to generate the audit logs.

  • Type: Data Table
  • Configuration:
    • Index: pty_insight_*audit_*
    • Metrics: Y-axis: Count
    • Buckets:
      • Split rows
        • Aggregation: Terms
        • Field: protection.dataelement.keyword
        • Order by: Metric:Count
        • Order: Descending
        • Size: 50
      • Split rows
        • Sub aggregation: Terms
        • Field: protection.policy_user.keyword
        • Order by: Metric:Count
        • Order: Descending
        • Size: 50
      • Split rows
        • Sub aggregation: Terms
        • Field: origin.ip
        • Order by: Metric:Count
        • Order: Descending
        • Size: 50
      • Split rows
        • Sub aggregation: Terms
        • Field: protection.operation.keyword
        • Order by: Metric:Count
        • Order: Descending
        • Size: 50
      • Split rows
        • Sub aggregation: Terms
        • Field: additional_info.description.keyword
        • Order by: Metric:Count
        • Order: Descending
        • Size: 50
      • Split rows
        • Sub aggregation: Terms
        • Field: origin.time_utc
        • Order by: Metric:Count
        • Order: Descending
        • Size: 50

Policy report

Description: The policy report for the last 30 days.

  • Type: Data Table
  • Configuration:
    • Index: pty_insight_*audit_*
    • Metrics: Metric: Count
    • Buckets:
      • Split rows
        • Aggregation: Date Histogram
        • Field: origin.time_utc
        • Minimum interval: Auto
        • Custom label: Date & Time
      • Split rows
        • Sub aggregation: Terms
        • Field: client.ip.keyword
        • Order by: Metric:Count
        • Order: Descending
        • Size: 50
        • Custom label: Client IP
      • Split rows
        • Sub aggregation: Terms
        • Field: client.username.keyword
        • Order by: Metric:Count
        • Order: Descending
        • Size: 50
        • Custom label: Client Username
      • Split rows
        • Sub aggregation: Terms
        • Field: additional_info.description.keyword
        • Order by: Metric:Count
        • Order: Descending
        • Size: 50
        • Custom label: Additional Info
      • Split rows
        • Sub aggregation: Terms
        • Field: level.keyword
        • Order by: Metric:Count
        • Order: Descending
        • Size: 50
        • Custom label: Severity Level

Protection activity across datastore

Description: The protection activity across datastore and types of protectors used.

  • Type: Pie
  • Configuration:
    • Index: pty_insight_*audit_*
    • Metrics: Slice size: Count
    • Buckets:
      • Split chart
        • Aggregation: Terms
        • Field: protection.datastore.keyword
        • Order by: Metric:Count
        • Order: Descending
        • Size: 5
      • Split slices
        • Sub aggregation: Terms
        • Field: protection.operation.keyword
        • Order by: Metric:Count
        • Order: Descending
        • Size: 5

System daily activity

Description: This shows the system activity for the day.

  • Type: Line
  • Configuration:
    • Index: pty_insight_*audit_*
    • Metrics: Y-axis: Count
    • Buckets:
      • X-axis
        • Aggregation: Date Histogram
        • Field: origin.time_utc
        • Minimum interval: Auto
      • Split series
        • Sub aggregation: Terms
        • Field: logtype.keyword
        • Order by: Metric:Count
        • Order: Descending
        • Size: 10

Top 10 unauthorized access by data element

Description: The top 10 unauthorized access by data element for Protect and Unprotect operations for the last 30 days.

  • Type: Horizontal Bar
  • Configuration:
    • Index: pty_insight_*audit_*
    • Metrics: Y-axis: Count
    • Buckets:
      • X-axis
        • Aggregation: Terms
        • Field: protection.dataelement.keyword
        • Order by: Metric:Count
        • Order: Descending
        • Size: 10
        • Custom label: Data elements
      • Split series
        • Sub aggregation: Filters
        • Filter 1 - Protect: level='Error'
        • Filter 2 - Unprotect: level='WARNING'
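
To cross-check this visualization against exported audit records, the following added example (not Protegrity code) expresses the same buckets as a search request body and recomputes them locally. It assumes the Audit Store accepts OpenSearch-style query DSL and that the two filters map to term queries on level.keyword; the function names, the SUCCESS level and the sample records are constructed for illustration.

```python
import json
from collections import Counter, defaultdict

# Filters copied from the visualization: series label -> required `level` value.
FILTERS = {"Protect": "Error", "Unprotect": "WARNING"}


def build_request(size=10, window="now-30d"):
    """Search body mirroring the buckets above (query DSL form is an assumption)."""
    return {
        "size": 0,  # aggregations only, no hits
        "query": {"range": {"origin.time_utc": {"gte": window}}},
        "aggs": {"data_elements": {
            "terms": {"field": "protection.dataelement.keyword",
                      "size": size, "order": {"_count": "desc"}},
            "aggs": {"by_filter": {"filters": {"filters": {
                label: {"term": {"level.keyword": value}}
                for label, value in FILTERS.items()}}}},
        }},
    }


def local_buckets(records, size=10):
    """Recompute the same buckets over records already exported from the index."""
    totals, split = Counter(), defaultdict(Counter)
    for rec in records:
        element = rec["protection"]["dataelement"]
        totals[element] += 1  # terms bucket counts every record for the element
        for label, value in FILTERS.items():
            if rec.get("level") == value:
                split[element][label] += 1
    return [(e, n, dict(split[e])) for e, n in totals.most_common(size)]


# Constructed sample records, not real audit data.
SAMPLE = [
    {"level": "Error", "protection": {"dataelement": "ccn"}},
    {"level": "Error", "protection": {"dataelement": "ccn"}},
    {"level": "WARNING", "protection": {"dataelement": "ccn"}},
    {"level": "WARNING", "protection": {"dataelement": "ssn"}},
    {"level": "SUCCESS", "protection": {"dataelement": "ssn"}},
    {"level": "Error", "protection": {"dataelement": "email"}},
]

if __name__ == "__main__":
    print(json.dumps(build_request(), indent=2))
    for row in local_buckets(SAMPLE):
        print(row)
```

In this request the terms bucket is ordered by its total document count, so a data element with many records at other levels can rank above one with more Error or WARNING records unless the query itself is restricted to those levels.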

Total security operations per five minutes

Description: The total security operations generated, grouped into five-minute intervals.

  • Type: Line
  • Configuration:
    • Index: pty_insight_*audit_*
    • Metrics: Y-axis: Count
    • Buckets:
      • X-axis
        • Aggregation: Date Histogram
        • Field: origin.time_utc
        • Minimum interval: Day
      • Split series
        • Sub aggregation: Terms
        • Field: protection.operation.keyword
        • Order by: Metric:Count
        • Order: Descending
        • Size: 5
      • Split chart
        • Sub aggregation: Terms
        • Field: protection.datastore.keyword
        • Order by: Alphabetical
        • Order: Descending
        • Size: 5
        • Custom label: operations

User activity operation count

Description: The count of total operations performed per user.

  • Type: Vertical Bar
  • Configuration:
    • Index: pty_insight_*audit_*
    • Metrics: Y-axis: Count
    • Buckets:
      • X-axis
        • Aggregation: Terms
        • Field: protection.policy_user.keyword
        • Order by: Metric:Count
        • Order: Descending
        • Size: 50
      • Split series
        • Sub aggregation: Terms
        • Field: protection.operation.keyword
        • Order by: Metric:Count
        • Order: Descending
        • Size: 5