Visualization of cloud offense data
The All Cloud Offenses Overview dashboard helps security analysts visualize potential cloud-related offenses, and can be organized in various ways to suit your needs.
- Top offense categories
- Top log source types
- Total offenses by MITRE tactic and rule (available only if IBM® QRadar® Use Case Manager is installed)
- Most severe offenses
- Most recent offenses
Trends
Click the Trends tab to see the trend of new offenses that are created over a specific time period. The tab refreshes automatically if it is reopened after more than 5 minutes. By default, the tab shows the offense creation timeline for the last 24 hours. You can also view an offense timeline for the last 7 days and the last 30 days. Only the timeline of new offenses is displayed.
If you want to save a snapshot of offense creation for a specific time, you can save chart data. The charts can be downloaded in PNG format through QRadar Cloud Visibility, so you can save these images and share them with managers and colleagues.
To return to the dashboard view, click the Current Status tab. The date and time range you want to view can be selected in the Filters sidebar for the Trends page.
Filters
The Offense dashboard has filters so you can choose the offenses that you want to view. These filters apply to the whole dashboard, not just one chart, and are different depending on which cloud service you are viewing. Access the Filters sidebar by clicking the filter icon in the dashboard title bar.
- Offense Status: Select the status type that you want to view in the overview charts: all open, only active, or closed.
- Offense Start Date: Configure a date range to display in the charts for when offenses were first detected in QRadar Cloud Visibility.
- Magnitudes: Select the magnitude of offenses you want to view in the overview charts. The graphs are also affected by the magnitudes you select.
- Log Source Types and Log Sources: Select the log source types and specific log sources for the offenses you want to view. Alternatively, you can select all the log sources for the selected log source type.
In QRadar Cloud Visibility 1.3.0 and later, administrators can use the All Cloud Offenses customization tab to customize which log source types and log sources contribute to the dashboard. For more information, see Configuring the All Cloud Offenses dashboard.