Dashboard

FortiSIEM includes different types of dashboards to understand the data it collects and the incidents that are triggering in the system:

You can set the Dashboard Home, Dashboard Theme and Dashboards to be visible on opening the FortiSIEM under ADMIN > General Settings > UI > UI Settings. Refer to System Settings for the procedure to configure these settings.

Summary Dashboards

Summary dashboards show a near real-time view of health, up-time, incidents and other key performance metrics of many devices in a single spreadsheet format – each row is a device and each column is a metric. Cells are color-coded (Red, Yellow, Green) to highlight the values when they cross certain customizable limits. The advantage of this type dashboard is that user can simultaneously compare many metrics of many devices from a single view and instantaneously spot issues. User can customize the groups of devices and the corresponding metrics. User can build multiple Summary dashboards. FortiSIEM has developed an in-memory database that powers this dashboard – continuous querying event database does not scale.

Summary dashboards that shows multiple metrics for the device in a single line. This enables users to see multiple metrics of the same device in one view. Summary dashboards are best used for gathering information about individual infrastructure components in operational time.

Widget Dashboards

Widget dashboards offer the more traditional Top N dashboard view – one chart for one metric. Many chart types – Gauge, Table, Bar, Donut, Map, Line, Combo (Table and Line), Tree Map, and Heat Map. Any FortiSIEM Report – whether it is report on Events or on CMDB – can be added to a Widget dashboard. FortiSIEM Widget Dashboards has 3 distinctive advantages.

  • Color Coding – Items in each widget can be color coding based on thresholds – this can quickly help user to spot problems
  • Dynamic Search – User can filter the entire dashboard by Host Name or IP Address and quickly
  • Streaming Computation – the reports in the widget dashboard are computed in a streaming mode without making repeated queries to the event database. This makes the dashboards fast to load.

Widget dashboards are best for viewing aggregated metrics based on historical search, which are generally presented in the form of a graph or chart. From the widget view of information, you can drill down to view and modify the underlying historical search. The following table shows the Widget Dashboard GUI Controls.

UI Control Description
Drill Down Hover your mouse cursor over the right upper corner of the widget to access this control. Select a line displayed in the widget to drill down to the historical search associated with that metric. You can then run or modify the search.
Edit Settings Hover your mouse cursor over the right upper corner of the widget to access this control. Edit the settings associated with the widget. These include:
  • Title - the title of the report
  • Display - select the type of chart you would like the widget to display
  • Width - select the width of the dashboard widget
  • Height - select the width of the dashboard widget
  • Result Limit - how many results should be included in the report
  • Refresh Interval - how often the data should be refreshed
  • Run report for- for multi-tenant deployments, select the organization that the widget should report on
Remove Hover your mouse cursor over the right upper corner of the widget to access this control. Click this control to remove the widget from the dashboard
Event Info Hover your mouse cursor over a line in a report to view the Quick Info for the associated Event Type, or select Drill Down to view, edit, and run the associated historical search.
Add Report At the top of each widget dashboard is a button to add more widgets to the dashboard.

Business Service Dashboards

Business Service Dashboards provide a top-down view of Business Service health. You can see the incidents related to each Business Service and then drill-down on the impacted devices and incidents.

Identity and Location Dashboards

Identity and Location dashboards provide a tabular view of network identity to user identity mappings.

The following topics provide information about using FortiSIEM Dashboard: