Visualization of IBM Cloud offense data
The IBM Cloud Offense Overview dashboard helps security analysts to visualize potential offenses in IBM® Cloud, and can be organized in various ways to suit your needs.
- All users by magnitude
- All users by related rule
- Total offenses by MITRE tactic and rule (This chart is only available if IBM QRadar® Use Case Manager is installed.)
- Most severe offenses
- All users by number of offenses
- Magnitude level indicator
The offense data can be displayed in pie or bar chart format. To toggle the view, click the View Chart icon. By hovering over a section, you find out more details, such as what the color represents and the percentage of rules that are related to that representation. Display a legend of the rules and their colors by clicking Show legend. You can also toggle between viewing the information in graph or table format by clicking the View table icon in the All regions by magnitude and All regions by related rule charts.
If you want to view specific information on one of the charts, you can drill down into a chart section for a list of offenses that are related to the location or user that you clicked. For example, you might want to see more information about an offense list that is related to a user and the rule that is depicted by the bar chart. To see this information, drill down to different levels of detail about an offense within that user, and then click an offense to view details in QRadar.
Along with the charts, you can learn more about IBM Cloud offenses through the severe offenses table and the magnitude level indicator. The most severe offenses are listed in a separate table where you can click an offense to get more details. The magnitude level indicator shows the percentage of offenses for each magnitude. Hovering over the magnitude level indicator shows the average offense magnitude.
To ensure that the data is up to date, click Refresh in the overview title bar. You can also see when you last refreshed the page.
Trends
By clicking the Trends tab, you can see a trend of new offenses that are created over a specific time period. The tab will refresh on its own if it is reopened after more than 5 minutes. The default is set to view the offense creation timeline from the last 24 hours. You can also view an offense timeline for the last 7 days and the last 30 days. Only the timeline of new offenses is displayed.
If you want to save a snapshot of offense creation for a specific time, you can save chart data. The charts can be downloaded in PNG format through QRadar Cloud Visibility, so you can save these images and share them with managers and colleagues.
To return to the dashboard view, click the Current Status tab. The date and time range you want to view can be selected in the Filters sidebar for the Trends page.
Filters
The Offense dashboard has filters so you can choose the offenses that you want to view. These filters apply to the whole dashboard, not just one chart, and are different depending on which cloud service you are viewing. Access the Filters sidebar by clicking the filter icon in the upper left of the page.
- Offense status
  - Select the status type that you want to view in the overview charts: all open, only active, or closed.
- Offense Start Date
  - Configure a date range to display in the charts for when offenses were first detected in QRadar Cloud Visibility.
- Magnitudes
  - Select the magnitude of offenses you want to view in the overview charts. The graphs are also affected by the magnitudes you select.
- Log Source Types and Log Sources
  - Select the log source types and specific log sources for the offenses you want to view. Alternatively, you can also select all the log sources for the selected log source type.
  - Note: As of QRadar Cloud Visibility V1.3.0, administrators can customize which log source types and log sources contribute to the dashboard.
- Users
  - Select the user who is associated with the offenses you want to view.
- Rule Groups and Rules
  - Select the groups or individual rules for the offenses you want to view.
  - Note: The Other category contains contributing rules, such as custom rules and rules from different content packs. Consider tuning your rules if unintended rules appear in the dashboard.