Transcript
In this video, we are going to take a quick tour of the security analytics dashboard in Log360. When it comes to security monitoring, context is everything. The security analytics dashboard brings your detections together in one place, so in just a few clicks you'll know what's happening and what to do next.

So how do we access this dashboard? In your Log360 console, click on the Security tab. That will bring you right into the security analytics view. Before we proceed any further, make sure your detection rules are active and properly configured, because the insights here are powered by those rules.

Right at the top, you'll notice four numbers. These give you a snapshot of detections by severity. All rules gives you the total number of detections across the board. Critical rules highlight the detections you really can't ignore. Trouble rules cover medium-level risks that deserve a closer look. And Attention rules show lower-level anomalies, which are basically early warning signs. Each tile shows you whether detections are trending up or down, so you can spot spikes at a glance. If you want more context, just click on any of these to see a detailed breakdown with columns like rule name, user, log source, and even MITRE ATT&CK mapping. You can also export the data in just a click.

Moving on to dashboard widgets: below the metrics, you'll see a series of widgets. These aren't just charts. They give you different perspectives on your detections, helping you spot patterns and outliers quickly. Let's go through them.

Detection pipeline. This shows the flow of detections and alerts broken down by severity. It's a great way to see at a glance how events are being escalated.

Detection by tactics. With this widget, you can see which tactics attackers are using, like initial access, privilege escalation, or lateral movement, so you know which stages of the attack lifecycle are most active in your environment.

Recent detections. This is your real-time feed. It lists the latest triggered events along with details like the rule name, user, log source, and mapped tactics. Click into any detection and you'll get the full context: who was involved, what system it came from, associated IPs, tags, and even mitigation recommendations.

Top 5 users by detections. This chart highlights the users most associated with detections. If one account suddenly jumps to the top, that could signal a compromise or an insider threat.

Top 5 log sources by detections. Similar idea, but focused on devices. This helps you identify which systems are generating the most alerts, so you know where to focus your hardening efforts.

Top 10 detections by rules. This ranks the most frequently triggered rules. It's useful for spotting recurring threats, or for fine-tuning rules if you're seeing too many false positives.

And finally, detection trends. This widget shows detection activity over time, split by severity. It's perfect for spotting spikes and anomalies, or just understanding historical patterns.

Each widget can be expanded for more detail or refreshed to make sure you're looking at the most up-to-date data. You also have a couple of handy controls here. You can adjust the time range to analyze detections over any custom or predefined period. That's great if you want to focus on just today, the past week, or a specific investigation window. And the Manage rules option takes you straight into rule management, so you can adjust or fine-tune the very rules that feed this dashboard.

And that brings us to the end of our tour of the security analytics dashboard. You've seen how it gives you quick snapshots for fast decision making, widgets that break detections into patterns and trends, and MITRE mapping for valuable context. Altogether, it's designed to help you cut through the noise and focus on what matters most. If you'd like to know more about Log360 and how it can help your organization, contact our technical experts today.
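To make the roll-ups behind the tiles and widgets concrete, here is an added Python example (not Log360 code, and not part of the video) that recomputes them from a list of detection records: the four severity tiles with their up/down/flat trend against the previous window, detections by MITRE ATT&CK tactic, top-N users, log sources and rules, and a per-day trend split by severity. The records, rule names, users and hostnames are constructed sample data; the severity names Critical, Trouble and Attention are the ones the tour describes.

```python
"""Dashboard-style roll-ups over a constructed detection feed (added example)."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

SEVERITIES = ("Critical", "Trouble", "Attention")  # order of the top tiles


def _d(time, rule, severity, user, source, tactic):
    """Build one detection record from an ISO timestamp and its attributes."""
    return {"time": datetime.fromisoformat(time), "rule": rule, "severity": severity,
            "user": user, "source": source, "tactic": tactic}


# Constructed sample detections; rule names, users and hosts are hypothetical.
DETECTIONS = [
    _d("2024-04-30T14:00", "Multiple failed logons", "Attention", "jdoe", "WKS-01", "Credential Access"),
    _d("2024-04-30T20:00", "Multiple failed logons", "Attention", "asmith", "WKS-07", "Credential Access"),
    _d("2024-04-30T22:00", "Multiple failed logons", "Attention", "cjones", "WKS-11", "Credential Access"),
    _d("2024-05-01T09:00", "New service installed", "Trouble", "svc-backup", "SRV-DB01", "Persistence"),
    _d("2024-05-01T10:00", "New service installed", "Trouble", "bwong", "WKS-03", "Persistence"),
    _d("2024-05-01T13:00", "Credential dumping tool executed", "Critical", "jdoe", "WKS-01", "Credential Access"),
    _d("2024-05-01T15:30", "Lateral movement via admin share", "Trouble", "jdoe", "SRV-FS02", "Lateral Movement"),
    _d("2024-05-01T16:00", "Multiple failed logons", "Attention", "asmith", "WKS-07", "Credential Access"),
    _d("2024-05-02T02:00", "Privilege escalation to domain admin", "Critical", "jdoe", "SRV-DC01", "Privilege Escalation"),
    _d("2024-05-02T09:15", "Multiple failed logons", "Attention", "asmith", "WKS-07", "Credential Access"),
    _d("2024-05-02T10:00", "Lateral movement via admin share", "Trouble", "bwong", "SRV-FS02", "Lateral Movement"),
]


def in_window(records, start, end):
    """Records whose timestamp satisfies start <= time < end."""
    return [r for r in records if start <= r["time"] < end]


def severity_tiles(records, now, window=timedelta(days=1)):
    """The four top tiles: count in the current window and trend vs. the previous window."""
    if isinstance(now, str):
        now = datetime.fromisoformat(now)
    current = in_window(records, now - window, now)
    previous = in_window(records, now - 2 * window, now - window)
    tiles = {}
    for name in ("All",) + SEVERITIES:
        cur = len(current) if name == "All" else sum(r["severity"] == name for r in current)
        prev = len(previous) if name == "All" else sum(r["severity"] == name for r in previous)
        trend = "up" if cur > prev else "down" if cur < prev else "flat"
        tiles[name] = {"count": cur, "previous": prev, "trend": trend}
    return tiles


def top_n(records, field, n=5):
    """Top-N values of a field; ties are broken by name so the output is deterministic."""
    counts = Counter(r[field] for r in records)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def by_tactic(records):
    """Detections per ATT&CK tactic (the detection by tactics widget)."""
    return dict(top_n(records, "tactic", n=len(records)))


def trend_series(records, bucket=timedelta(days=1)):
    """Detections per time bucket, split by severity (the detection trends widget)."""
    series = defaultdict(Counter)
    for r in records:
        # Align each timestamp down to the start of its bucket.
        start = r["time"] - (r["time"] - datetime.min) % bucket
        series[start.isoformat()][r["severity"]] += 1
    return {k: dict(series[k]) for k in sorted(series)}


if __name__ == "__main__":
    now = "2024-05-02T12:00"  # constructed "current time" for the sample feed
    for name, tile in severity_tiles(DETECTIONS, now).items():
        print(f"{name:9} {tile['count']:3} ({tile['trend']} from {tile['previous']})")
    print("By tactic:", by_tactic(DETECTIONS))
    print("Top users:", top_n(DETECTIONS, "user"))
    print("Top log sources:", top_n(DETECTIONS, "source"))
    print("Top rules:", top_n(DETECTIONS, "rule", n=10))
    print("Trend:", trend_series(DETECTIONS))
```

With the sample feed, the tiles show Critical going up (0 to 2 in the last 24 hours) while Attention goes down (3 to 2), which is exactly the kind of shift a flat total count would hide; the user roll-up likewise puts one account at the top of both a credential-dumping and a privilege-escalation detection, the pattern the tour flags as a possible compromise.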