Log activity
The Log Activity dashboard items will allow you to monitor and investigate events in real time.
| Dashboard item | Description |
|---|---|
| Event Searches | You can display a custom dashboard item that is based on saved search criteria from the Log Activity tab. Event search items are listed in the menu. The name of the event search item matches the name of the saved search criteria the item is based on. QRadar includes default saved search criteria that is preconfigured to display event search items on your Dashboard tab menu. You can add more event search dashboard items to your Dashboard tab menu. For more information, see Adding search-based dashboard items to the Add Items list. On a Log Activity dashboard item, search results display real time last-minute data on a chart. The supported chart types are time series, table, pie, and bar. The default chart type is bar. These charts are configurable. Time series charts are interactive. You can magnify and scan through a timeline to investigate log activity. |
| Events By Severity | The Events By Severity dashboard item displays the number of active events that are grouped by severity. This item will allow you to see the number of events that are received by the level of severity assigned. Severity indicates the amount of threat an offense source poses in relation to how prepared the destination is for the attack. The range of severity is 0 (low) to 10 (high). The supported chart types are Table, Pie, and Bar. |
| Top Log Sources | The Top Log Sources dashboard item displays the top 5 log sources that sent events to QRadar within the last 5 minutes. The number of events that are sent from the specified log source is indicated in the pie chart. This item will allow you to view potential changes in behavior, for example, if a firewall log source that is typically not in the top 10 list now contributes to a large percentage of the overall message count, you should investigate this occurrence. The supported chart types are Table, Pie, and Bar. |