Creating, saving, and exporting investigation dashboards

About this task

There are many ways of filtering the data in the dashboard. Filter sets can be private or shared. For example, a person who is knowledgeable about the environment can set up relevant filters. This person can create the filters for a specific investigator and then share the filter with that role. You cannot change and save the predefined system dashboards under their original names.
Important: All investigation dashboards are public. When a dashboard is saved, all users who have access to dashboards also have access to the saved dashboard through the dashboard menu. In addition, if you save a dashboard as the default dashboard, all users see that default.
You can use the same dashboards with different filter sets, depending on what data you want to see.
Example: Your dashboard includes an activity chart that shows the activities of database users with a breakdown by client IP. You want to view the same data filtered by different databases, such as HR versus Financial. You might want to add different command types for each database as well.

  • Filter 1: by database HR, by verb SELECT

  • Filter 2: by database FINANCIAL, by verb UPDATE

You can open the same dashboard and toggle through the different filter sets associated with that chart by using the backward and forward icons above the Active filters list.

Any investigation dashboards, including threat diagnostics, can be encrypted and exported for sharing. Only the dashboard definitions are exported, not the filters.

If you have a dashboard that is configured with a good set of charts for investigating particular incident types, you can share this knowledge with other Guardium users without including actual attack data or revealing the filters.

Procedure

  1. To save the current display, click the star icon.
  2. To save a dashboard with a different name for modification and subsequent use, click the save as new icon, and save it with a descriptive name and optionally a category. You can also define a category when you save the dashboard. The name and category can include spaces. To retrieve the dashboard later, click the navigation icon to open the dashboard menu.
  3. To export investigation dashboards, go to Manage > Data Management > Definitions Export. From the Type menu, select Investigation Dashboard and select the dashboard definitions to export. Then, click Export.