Importing sample dashboards

JSON files of preconstructed dashboards are available on the QRadar® Suite KQL data source configuration page. Use the sample dashboards as a reference for creating your own dashboards.

About this task

If you change a sample dashboard, you are prompted to save or overwrite your changes. If you want to save your changes to a new dashboard, click Save as. Otherwise, your changes are lost.
Important: If you save a copy of a sample dashboard, the unique identifier (UID) value in the dashboard's data link URL changes. Update both the UID value and name in the data link URL of any dashboards that reference the dashboard that you saved. For more information, see Configure data links (https://grafana.com/docs/grafana/latest/panels-visualizations/configure-data-links/).
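The update that the Important note describes can be applied to exported dashboard JSON with a short script. The following Python is an added example, not IBM or Grafana code: it assumes that data links use Grafana's /d/<uid>/<name> dashboard path and that each link is a JSON object with a "url" key, and the UIDs, names, and sample export are constructed.

```python
import json
import re

def rewrite_data_links(dashboard, old_uid, new_uid, new_name):
    """Point every link URL at /d/<new_uid>/<new_name>; return (old, new) pairs."""
    # Match the old UID as a whole path segment plus its optional name segment,
    # so a longer UID that merely starts with old_uid is left alone.
    pattern = re.compile(r"/d/" + re.escape(old_uid) + r"(?:/[^/?#\s]*)?(?=$|[?#])")
    target = "/d/" + new_uid + "/" + new_name
    changes = []

    def walk(node):
        if isinstance(node, dict):
            url = node.get("url")
            if isinstance(url, str):
                updated = pattern.sub(lambda _m: target, url)
                if updated != url:
                    changes.append((url, updated))
                    node["url"] = updated
            for value in node.values():
                walk(value)
        elif isinstance(node, list):
            for item in node:
                walk(item)

    walk(dashboard)
    return changes

# Constructed export of a dashboard that links to the saved copy's original.
SAMPLE = json.loads("""
{"title": "Constructed referencing dashboard",
 "panels": [{
   "title": "Top users",
   "fieldConfig": {
     "defaults": {"links": [
       {"title": "User overview",
        "url": "/d/old-uid-0001/user-overview?var-user=${__value.raw}"}]},
     "overrides": [{"properties": [{"id": "links", "value": [
       {"title": "Unrelated dashboard",
        "url": "/d/old-uid-00012/host-overview"}]}]}]}}]}
""")

if __name__ == "__main__":
    for old, new in rewrite_data_links(SAMPLE, "old-uid-0001", "new-uid-0002", "user-overview-copy"):
        print(old, "->", new)
    print(json.dumps(SAMPLE, indent=2))
```

The returned list doubles as a change log: an empty list means that the dashboard holds no links to the old UID.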

The following sample dashboards are available for import.

Table 1. QRadar Suite sample dashboards
QRadar Suite KQL - [dashboard_name]
    Description

QRadar Suite KQL - Sample Dashboard
    Provides examples of basic KQL queries. The dashboard also provides examples of how returned data can be displayed on a Grafana dashboard.

QRadar Suite KQL - Network Overview
    Provides visibility into network activities. Use the dashboard insights into the most blocked and allowed traffic to help you determine which anomalies to focus on. This dashboard also provides insights into potential incorrect configurations; for example, if a known port is allowed when you want it to be blocked.

QRadar Suite KQL - SOC Insights
    Provides a series of statistics about an environment, which you can use to view trends over time. Use the greatest and least talker statistics to help you quickly identify potential anomalies. A talker is a host that sends data, either from your network or to your network.
    Click the IP address or username to drill down, or pivot, on the dashboard.

QRadar Suite KQL - SOC Insights - User Overview
    Provides a series of visualizations for a user profile. The user is a parameter field that you can reach by using a drill down, or pivot, from a different dashboard. You can also update this field manually.
    The user profile includes the following information:
      • Interactions with internal and external hosts.
      • Successful and unsuccessful login attempts.

QRadar Suite KQL - SOC Insights - Host Overview
    Provides a series of visualizations for a host profile. The host is a parameter field that you can reach by using a drill down, or pivot, from a different dashboard. You can also update this field manually.
    The profile displays the host's activity, which includes the following information:
      • Users with direct or tangential relation to the host.
      • Frequency of talkers to and from the host. A talker is a host that sends data, either from your network or to your network.
      • Successful and blocked traffic to and from the host.

QRadar Suite KQL - SOC Insights - External Host Overview
    Provides a series of visualizations for an external host profile. The host is a parameter field that you can reach by using a drill down, or pivot, from a different dashboard. You can also update this field manually.
    The profile displays the external host's activity, which includes the following information:
      • Users who are associated with the host IP address.
      • Event types and other hosts within the environment that the external host communicates with.

Procedure

  1. In your Grafana instance, from the navigation menu, click Administration > Data Sources.
  2. On the Data sources page, select the QRadar Suite KQL Plugin data source from the table.
  3. On the QRadar Suite KQL Plugin page, click the Dashboards tab.
  4. Find the row of the sample dashboard that you would like to import and click Import.
  5. From the navigation menu, click the Dashboards icon.
  6. On the Dashboards page, click the sample dashboard that you imported.
    The sample dashboard is displayed.