Visualization of cloud offense data

The All Cloud Offenses Overview dashboard helps security analysts visualize potential cloud-related offenses, and can be organized in various ways to suit your needs.

The All Cloud Offenses Overview dashboard displays all open offense data in the following charts:
  • Top offense categories
  • Top log source types
  • Total offenses by MITRE tactic and rule (available only if IBM® QRadar® Use Case Manager is installed)
  • Most severe offenses
  • Most recent offenses

Trends

Click the Trends tab to see a trend of new offenses that are created over a specific time period. The tab refreshes on its own if it is reopened after more than 5 minutes. By default, the tab shows the offense creation timeline for the last 24 hours. You can also view an offense timeline for the last 7 days and the last 30 days. Only the timeline of new offenses is displayed.

If you want to save a snapshot of offense creation for a specific time, you can save chart data. The charts can be downloaded in PNG format through QRadar Cloud Visibility, so you can save these images and share them with managers and colleagues.

On the Trends page, select the date and time range that you want to view in the Filters sidebar. To return to the dashboard view, click the Current Status tab.

Filters

The Offense dashboard has filters so you can choose the offenses that you want to view. These filters apply to the whole dashboard, not just one chart, and differ depending on which cloud service you are viewing. Access the Filters sidebar by clicking the filter icon in the dashboard title bar.

Fine-tune the Cloud Offenses dashboard by applying the following filters:
  • Offense Status: Select the status type that you want to view in the overview charts: all open, only active, or closed.
  • Offense Start Date: Configure a date range to display in the charts for when offenses were first detected in QRadar Cloud Visibility.
  • Magnitudes: Select the magnitude of offenses you want to view in the overview charts. The graphs are also affected by the magnitudes you select.
  • Log Source Types and Log Sources: Select the log source types and specific log sources for the offenses you want to view. Alternatively, you can select all the log sources for the selected log source type.

In QRadar Cloud Visibility 1.3.0 and later, administrators can use the All Cloud Offenses customization tab to customize which log source types and log sources contribute to the dashboard. For more information, see Configuring the All Cloud Offenses dashboard.

Cloud Offenses

Figure 1. Top cloud-related offense categories and top log source types (charts showing top offense categories, top log source types, and total offenses by MITRE and rule)

Figure 2. Most severe cloud-related offenses and most recent cloud-related offenses (tables showing most severe cloud-related offenses and most recent cloud-related offenses)