Working with threat diagnostic dashboards
A dashboard that is invoked from a specific threat case in either the Suspected malicious STP Cases (stored procedures) or Suspicion SQL Injection Attacks report is called a threat diagnostic dashboard.
A threat diagnostic dashboard works much like other investigation dashboards, except that the dashboard for that case is populated with the data from the suspicious events (DB user, server, objects, etc.) and uses different charts to provide different views of the event and of surrounding events that may be helpful in investigating the possible attack. The relevant search and outlier data is also available on the same dashboard page as the charts.
In many cases, you will not need to change any of the preexisting filters for the predefined threat diagnostic dashboards. However, if you want to do some of your own comparative analysis, you can modify the preexisting filters.
See Investigation Dashboard for more information on working with dashboard and chart filters.
Reference data is a set of predefined, chart-specific filters, for Threat Detection Analytics only, that show data similar to the case you’re investigating but not included in the general dashboard filter. Reference data cannot be changed by users. Hover over the filter icon in each chart to see the Reference Data.
For example, suppose the general dashboard filter for a case contains these values:
- Server: 8.34.223.145
- DB user: USER1
- Database: 8.4.134.213:31.5.12
- DB type: MYSQL
- Object: stp1_name
The chart for DB user can include reference data for similar DB users, such as USER2, USER3 and USER4. This enables you to compare the activities of the suspected user with similar users, even though those additional users are not included on the general dashboard filters.
Not all fields include associated reference data. Any field for which there is no predefined reference filter is filtered by the general dashboard filter.
In some charts, filters can be inactivated so that you can compare data regardless of the filters chosen for the entire dashboard. This gives a wider picture of the activity.
Click the filter icon to open the Chart Filter Settings and make your modifications.