Adding a Table to Group Source IP Addresses by Event Fidelity
To add a table that groups source IP addresses by fidelity to your custom dashboard:
- Click the Visualize menu and locate the Custom menu block.
- Click the dashboard you want to edit. The dashboard appears.
- Click Edit. The display switches to the editing canvas.
- Click New table. The Chart Builder dialog box appears.
- Enter the Chart Name. Ours is Source IPs by Fidelity. This field does not support multibyte characters.
  Special characters are not permitted in name fields for Queries, Lookup lists, or Reports/Dashboards. Letters, underscores, spaces, dashes, numbers and periods are permitted.
- Choose the Tenant. We chose All Tenants.
- Choose the Indices. We chose Security Events.
- Leave the query as None. The query is optional.
- Choose Groupings for the Table Type.
- Click Next. The Groupings tab appears.
- Click + Add Grouping twice to add a total of three groupings. The groupings are processed sequentially, and you can move them to change the configuration.
- Open the Column 1 grouping.
- Enter a more descriptive Column Label. We chose Fidelity.
- Choose Range for the Aggregation.
- Choose fidelity for the Field.
- Click + Add Grouping three times.
- For the first range:
  - Name: less than 30
  - ≥: 0
  - <: 30
- For the second range:
  - Name: 30 to 70
  - ≥: 30
  - <: 70
- For the third range:
  - Name: greater than 70
  - ≥: 70
  - <: 100
- Open the Column 2 grouping.
- Enter a Column Label. We chose Source IP Address.
- For the remaining fields:
  - Aggregation: Term
  - Field: srcip
  - Metric: Count
  - Order: Descending
  - Size: 5
- Open the Column 3 grouping.
- Enter a Column Label. We chose Number.
- For the remaining fields:
  - Aggregation: Metric
  - Metric: Count
- Click Next. The Options tab appears.
- Click Submit. The table is added and the editing canvas appears.
- Click Save. The dashboard appears with your new table.