Investigation Dashboard for data
The investigation dashboard is a preset group of charts and a table that help you understand what is happening in your system at any given time, and upon which you can build your own customized dashboards.
There are four default views for data activity monitoring, each with different charts and tables. Select the view from the dashboard menu. The default views cannot be modified.
The default dashboards contain data for the last hour presented in one or more of:
- Trimetric charts (3-axis data graphs). The default view is a color map. Additional views are bar graph, bubble graph, line graph, pie graph, step graph, and area graph.
- Results table: provides the search results and investigation features of the original quick search. The Results Table is always at the bottom of the dashboard. It can be added to any dashboard. Tabs are:
- Activity: Summary and Details tabs. Each row in the Summary tab gives the number of instances of recorded activities per server–DB pair and the number of DB types. The Detailed Summary adds the count of Source Programs, DB users, OS users, Client hostname, Client IP, and date. Each row in the Details tab gives full details on one activity.
- Outliers Summary and Details tabs: see Interpreting data outliers in the investigation dashboard.
- Errors Summary and Details tabs. Each row in the Summary tab gives the number of instances of reported errors per server and the number of DB types and DB users. The Detailed Summary adds the number of Client IPs, error types, and dates. Each row in the Details tab gives full details on one error.
- Violations Summary and Details tabs. Each row in the Summary tab gives the number of instances of recorded violations per server–DB pair and the number of DB types. The Detailed Summary adds the count of Source Programs, DB users, OS users, Client hostname, Client IP, severity, violation, and date. Each row in the Details tab gives full details on one violation.
- Vulnerability Assessments Summary and Details tabs. These tabs show the last results per VA test. For example, a test that runs daily has daily updated results. The data is kept for 90 days. If a test wasn't executed during the last 90 days, the results are purged.
Additional views that you can add or open, all from the Add Chart drop-down except the topology view:
- Topology view: see Using the topology view
- Animated bubble chart: an animated visualization of data changes over the last 48 hours. The chart depicts the behavior of objects over a period of 24 hours. Each object is depicted as a circle, and its area and position (x and y axis) represent three user-selected variables. The animation represents the object's behavior over the 24 hours. Access from the Add Chart drop-down.
- Sankey chart: This chart presents four dimensions (and their relationships) in one view, giving a more complete and fluid view of the data. It is an extremely useful graph for investigating filtered data of a specific Alert, Outlier, Report, or Threat. See Using the Sankey chart.
- Activity chart: a line chart that displays the volume of activity and outliers, located above the Results table. Access from the Add Chart drop-down.
- Data in-sight: 3D visualization of data activity, see Using Data In-Sight.
Controls and options on this page:
- A categorized facet list of Where, Who, What, Exception, and When, from the search results, appears on the left side of every dashboard and cannot be removed. Filter the entire dashboard by the specific facets, by expanding the list and clicking individual facets.
- The Active Filters row at the top of the window shows the current filters. Delete a filter by clicking the delete icon next to it.
- Big Data Intelligence only: Select Guardium System or GBDI - Guardium Big Data Intelligence.
- Search field: free text search that filters the results in all fields simultaneously, irrespective of facet, and is not case-sensitive. Exceptions:
- Anomaly score does not support < or >
- Searching in a specific field is case-sensitive. For example, when searching "Source Program=nnnnn", nnnnn must exactly match a value in the facets.
- Escaping backslash (\) characters: To correctly escape a backslash character for use in a query condition, use two backslash characters. For example, to specify domain\user you need to enter domain\\user.
- The summary tabs do not support free search.
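The escaping and field-search rules above are easy to get wrong when conditions are assembled programmatically, for example when a SOC script builds a dashboard query from an alert's attributes. The following helper is an added example, not IBM Guardium code or a Guardium API: it assumes the "Field=value" condition syntax shown on this page, uses facet names from the page as field names (whether they match the dashboard's exact field identifiers is an assumption), doubles backslashes as the page requires, and rejects the unsupported `<`/`>` operators on Anomaly score up front instead of letting the search silently return nothing.

```python
# Added example (not IBM Guardium code): build investigation-dashboard
# search conditions that follow the escaping rules stated on the page.

ANOMALY_SCORE_FIELD = "Anomaly score"   # field that does not support < or >


def escape_query_value(value: str) -> str:
    """Double each backslash so the query parser reads it literally.

    The page states that domain\\user must be entered as domain\\\\user.
    """
    return value.replace("\\", "\\\\")


def build_condition(field: str, value: str) -> str:
    """Return one 'Field=value' condition for the search field.

    Field searches are case-sensitive, so the value is passed through
    unchanged apart from backslash escaping; the caller must supply a
    value that exactly matches a facet value.
    """
    if field == ANOMALY_SCORE_FIELD and ("<" in value or ">" in value):
        raise ValueError(
            "Anomaly score does not support < or > in the search field"
        )
    return f"{field}={escape_query_value(value)}"


def build_conditions(filters: dict) -> list:
    """Build a list of conditions from a {field: value} mapping."""
    return [build_condition(field, value) for field, value in filters.items()]


if __name__ == "__main__":
    # Constructed sample: a Windows-style OS user and a source program,
    # field names taken from the facets listed on this page.
    sample = {"OS User": "corp\\dbadmin", "Source Program": "sqlplus"}
    for condition in build_conditions(sample):
        print(condition)
    # prints:
    #   OS User=corp\\dbadmin
    #   Source Program=sqlplus
```

The raw value `corp\dbadmin` becomes `corp\\dbadmin` in the emitted condition, which is exactly what the page says to type by hand; the free-text (non-field) search is not covered here because it has no escaping or case rules to enforce.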
- Distributed search: see Local and distributed search
- Time period for which data is presented: modify by clicking the drop-down in the upper right corner. Options are last 1 hour, last 3 hours, last 1 day, last 3 days, any time period you specify. Default is one hour. If you select GBDI - Guardium Big Data Intelligence, the time period options are last 1 day, last 3 days, last 1 week, last 3 weeks, any time period you specify. The time period includes a time zone setting, by default the current Guardium system’s time zone. Data is reported according to this time zone.
- Filters drop-down: see Filtering data and saving filters in the investigation dashboard
- Creating, saving, and exporting dashboards: see Creating, saving, and exporting investigation dashboards