Adding a Table to Group Source IP Addresses by Event Fidelity
To add a table that groups source IP addresses by fidelity to your custom dashboard:
- Click the Visualize menu and locate the Custom menu block.
- Click the dashboard you want to edit. The dashboard appears.
- Click Edit. The display switches to the editing canvas.
- Click New table. The Chart Builder dialog box appears.
- Enter the Chart Name. Ours is Source IPs by Fidelity. This field does not support multibyte characters.
  Special characters are not permitted in name fields for Queries, Lookup lists, Reports/Dashboards. Letters, underscores, spaces, dashes, numbers and periods are permitted.
- Choose the Tenant. We chose All Tenants.
- Choose the Indices. We chose Security Events.
- Leave the query as None. The query is optional.
- Choose Groupings for the Table Type.
- Click Next. The Groupings tab appears.
- Click + Add Grouping twice to add a total of three groupings. The groupings are processed sequentially, and you can move them to change the configuration.
- Open the Column 1 grouping.
- Enter a better Column Label. We chose Fidelity.
- Choose Range for the Aggregation.
- Choose fidelity for the Field.
- Click + Add Grouping thrice.
- For the first range:
  - Name: less than 30
  - ≥: 0
  - <: 30
- For the second range:
  - Name: 30 to 70
  - ≥: 30
  - <: 70
- For the third range:
  - Name: greater than 70
  - ≥: 70
  - <: 100
- Open the Column 2 grouping.
- Enter a Column Label. We chose Source IP Address.
- For the remaining fields:
  - Aggregation: Term
  - Field: srcip
  - Metric: Count
  - Order: Descending
  - Size: 5
- Open the Column 3 grouping.
- Enter a Column Label. We chose Number.
- For the remaining fields:
  - Aggregation: Metric
  - Metric: Count
- Click Next. The Options tab appears.
- Click Submit. The table is added and the editing canvas appears.
- Click Save. The dashboard appears with your new table.
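
What the three groupings compute, modeled as an added Python example (not product code and not part of the original page): the ranges are half-open exactly as entered (≥ lower bound, < upper bound), and each range keeps its top five srcip values by count. The sample events, the tie-breaking order, the function names, and the presence of a fidelity score of exactly 100 in the data are assumptions made for illustration.

```python
from collections import Counter

# Ranges exactly as entered in the Column 1 grouping: (name, >=, <)
RANGES = [
    ("less than 30", 0, 30),
    ("30 to 70", 30, 70),
    ("greater than 70", 70, 100),
]
TOP_N = 5  # "Size" in the Column 2 grouping

# Constructed sample events (documentation IP ranges); only srcip and fidelity are used.
SAMPLE_EVENTS = [
    {"srcip": "192.0.2.10", "fidelity": 12}, {"srcip": "192.0.2.10", "fidelity": 29},
    {"srcip": "198.51.100.7", "fidelity": 30}, {"srcip": "198.51.100.7", "fidelity": 55},
    {"srcip": "203.0.113.5", "fidelity": 69}, {"srcip": "203.0.113.5", "fidelity": 70},
    {"srcip": "203.0.113.5", "fidelity": 88}, {"srcip": "192.0.2.10", "fidelity": 95},
    {"srcip": "198.51.100.7", "fidelity": 100},  # assumed boundary value
]

def bucket_for(fidelity):
    """Return the range name for a fidelity score, or None if no range matches."""
    for name, low, high in RANGES:
        if low <= fidelity < high:
            return name
    return None

def source_ips_by_fidelity(events):
    """Return (rows, unmatched): rows are (Fidelity, Source IP Address, Number)."""
    counts = {name: Counter() for name, _, _ in RANGES}
    unmatched = []
    for event in events:
        name = bucket_for(event["fidelity"])
        if name is None:
            unmatched.append(event)  # falls outside every configured range
        else:
            counts[name][event["srcip"]] += 1
    rows = []
    for name, _, _ in RANGES:
        # Count metric, descending, top TOP_N; ties broken by IP string (assumption)
        ranked = sorted(counts[name].items(), key=lambda kv: (-kv[1], kv[0]))
        rows.extend((name, ip, n) for ip, n in ranked[:TOP_N])
    return rows, unmatched

if __name__ == "__main__":
    table, skipped = source_ips_by_fidelity(SAMPLE_EVENTS)
    for row in table:
        print("%-16s %-15s %d" % row)
    print("events matching no range:", len(skipped))
```

In this model an event with a fidelity of exactly 100 matches none of the three ranges as entered, so it is returned in the unmatched list rather than counted in a table row.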