The Overview dashboard is the starting point for threat hunting. Use this dashboard to get a complete overview of all the activities in your IBM® QRadar® environment and as a data source of current activity. If you need to access it frequently, set the Overview dashboard as the default in QRadar Pulse.
The widgets on the Overview dashboard provide the following information:
- Network summary.
- Insights into the largest volume communications.
- Insights into ingress and egress communications, for example R2L ("Remote to Local") or L2R ("Local to Remote") communication.
- Top sources and destinations.
- Views into traffic volume over time and the breakdown of flow direction, application, and associated networks.
- Insights into long running flow sessions.
- Superflow detection.
- QRadar Network Insights (QNI) entity alerts and confidential content over the network.
- Most and least common applications and QNI content types.
- Largest file transfers with integration into the X-Force® Exchange on click.
The following table describes ways that you can use the Overview dashboard widgets to navigate to other screens:

|Overview dashboard widgets|Screens|
|---|---|
|Top Sources by Traffic Volume|Click a row to go to the IP Details dashboard.|
|Top Destinations by Traffic Volume|Click a row to go to the IP Details dashboard.|
|Longest Flow Sessions|Click a row to view the flow records in the Network Activity tab.|
|Most Common Applications by Session Count|Click a bar to go to the Application Details dashboard.|
|Least Common Applications by Session Count|Click a bar to go to the Application Details dashboard.|
|QNI Largest File Transfers|Click a row to go to the X-Force Exchange page for the specific MD5 File Hash.|