Importing sample dashboards
JSON files of preconstructed dashboards are available on the QRadar® Suite KQL data source configuration page. Use the sample dashboards as a reference for creating your own dashboards.
About this task
Important: If you save a copy of a sample dashboard, the unique identifier (UID) value in the dashboard's data link URL changes. Update both the UID value and name in the data link URL of any dashboards that reference the dashboard that you saved. For more information, see Configure data links (https://grafana.com/docs/grafana/latest/panels-visualizations/configure-data-links/).
Note:
The following sample dashboards are available for import.
QRadar Suite KQL - [dashboard_name] | Description |
---|---|
QRadar Suite KQL - Sample Dashboard | Provides examples of basic KQL queries. The dashboard also provides examples of how returned data can be displayed on a Grafana dashboard. |
QRadar Suite KQL - Network Overview | Provides visibility into network activities. Use the dashboard insights into the most blocked and allowed traffic to help you determine which anomalies to focus on. This dashboard also provides insights into potential incorrect configurations; for example, if a known port is allowed when you want it to be blocked. |
QRadar Suite KQL - SOC Insights | Provides a series of statistics about an environment, which you can use to view trends over time. Use the greatest and least talker statistics to help you quickly identify potential anomalies. A talker is a host that sends data, either from your network or to your network. Click the IP address or username to drill down, or pivot, on the dashboard. |
QRadar Suite KQL - SOC Insights - User Overview | Provides a series of visualizations for a user profile. The user is a parameter field that you can reach by using a drill down, or pivot, from a different dashboard. You can also update this field manually. The user profile includes the following information: |
QRadar Suite KQL - SOC Insights - Host Overview | Provides a series of visualizations for a host profile. The host is a parameter field that you can reach by using a drill down, or pivot, from a different dashboard. You can also update this field manually. The profile displays the host's activity, which includes the following information: |
QRadar Suite KQL - SOC Insights - External Host Overview | Provides a series of visualizations for an external host profile. The host is a parameter field that you can reach by using a drill down, or pivot, from a different dashboard. You can also update this field manually. The profile displays the external host's activity, which includes the following information: |
Procedure
- In your Grafana instance, from the navigation menu, click .
- On the Data sources page, select the QRadar Suite KQL Plugin data source from the table.
- On the QRadar Suite KQL Plugin page, click the Dashboards tab.
- Find the row of the sample dashboard that you would like to import and click Import.
- From the navigation menu, click the Dashboards icon.
- On the Dashboards page, click the sample dashboard that you imported.
  The sample dashboard is displayed.
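For the data link update that the Important note describes, the following added example (not part of the original page and not IBM's or Grafana's code) rewrites the UID and name in every link URL of an exported dashboard JSON that points at the dashboard you saved as a copy. It assumes Grafana's `/d/<uid>/<name>` dashboard URL form; the UIDs, names, and sample dashboard are constructed for illustration.

```python
import copy
import json
import re


def retarget_data_links(dashboard, old_uid, new_uid, new_name):
    """Return (updated_copy, changed_count); links to /d/<old_uid>/<any-name>
    are rewritten to /d/<new_uid>/<new_name>, query string preserved."""
    # Match the UID as a whole path segment so "abc" never matches "abcd".
    pattern = re.compile(
        r"(?:(?<=/)|^)d/" + re.escape(old_uid) + r"(?:/[^/?#]*)?(?=[?#]|$)"
    )
    target = f"d/{new_uid}/{new_name}"

    def walk(node):
        changed = 0
        if isinstance(node, dict):
            for key, value in node.items():
                if key == "url" and isinstance(value, str):
                    fixed = pattern.sub(lambda _m: target, value)
                    if fixed != value:
                        node[key] = fixed
                        changed += 1
                else:
                    changed += walk(value)
        elif isinstance(node, list):
            changed = sum(walk(item) for item in node)
        return changed

    updated = copy.deepcopy(dashboard)  # leave the caller's object untouched
    return updated, walk(updated)


# Constructed sample: one panel with a default data link and an override link.
SAMPLE = {"title": "Referencing dashboard (constructed)", "panels": [{
    "title": "Top users",
    "fieldConfig": {
        "defaults": {"links": [{
            "title": "User overview",
            "url": "/d/OLDUID01/user-overview?var-user=${__value.raw}"}]},
        "overrides": [{"properties": [{"id": "links", "value": [{
            "title": "Host overview",
            "url": "/d/OTHERUID/host-overview?var-host=${__value.raw}"}]}]}],
    }}]}

if __name__ == "__main__":
    fixed, count = retarget_data_links(
        SAMPLE, "OLDUID01", "NEWUID99", "user-overview-copy")
    print(f"{count} link(s) updated")
    print(json.dumps(fixed, indent=2))
```

Run it against the exported JSON of each dashboard that links to the saved copy, then re-import the result; links to other dashboards are left unchanged.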