SIEM Dashboards & Reports
William Spence
I currently utilize a SIEM tool that I really like, as it gives me the functionality to go hunt myself, but there are also premade dashboards that report on things such as:
Executive Dashboard:
Top Browsing Categories
Remote Access Tool Usage
RDP Access by User
Windows account creation
Windows account Lockouts
O365 Logon activity by user and location
SPAM Recipients
Account Lockouts
Top Alert Generating Accounts
Security Dashboard:
Alerts by Host
Top Blocked Domains
Top 10 DNS Hostnames
Mitre Attack Tactics
Top Web Proxy Categories
Interactive logons Off hours
Alternate credential logins (ex. Run as)
Interactive Logins
Top O365 Security Events
It's easy to look at, and then if I want I can drill into it as well.
I would love to see this with the SIEM tool.
Will Spence
A nice clean dashboard with these tiled so we could quickly glance at the data for anything out of place. As the MSP we know the client best, so we should be able to recognize something off with these categories of events. It would also be neat to be able to build a tile dashboard of queries we define.
Lilliam'la Nikolaus'la
I'd definitely like to see a cleaned up, good-looking executive report I could generate for my clients.
Jonathan Pilkington
Agreed, a dashboard would be great and allow you to see what is currently going on at a glance.