A Summary Dashboard displays the metrics for many devices in a spreadsheet format. Unlike the widget dashboard that shows a few metrics in one widget, a Summary Dashboard can simultaneously show many more metrics. This often allows rapid diagnostics. FortiSIEM calculates and maintains these metrics in an in-memory database inside Query Master module.

Note: RBAC for Summary dashboard is controlled by hiding by Device Group and not by Data Condition. If you want to hide a group of devices in Summary dashboard for a role, hide the Device Group in the role. The user should not be able to choose the devices from the Device Group.

• Creating a Summary Dashboard
• Data Source
• Managing Devices in a Summary Dashboard
• Changing Display Columns
• Changing Refresh Interval
• Forcing a Refresh
• Searching a Summary Dashboard

Creating a Summary Dashboard

When you create a new dashboard, choose Summary Dashboard as Type.

Data Source

The source of data in a Summary Dashboard is the performance and availability monitoring metrics and incidents. To see the metrics that can be displayed, click the column icon. The left table shows the event types and the middle table shows the available metrics for the selected event type. These metrics can be displayed in a Summary Dashboard. Custom attributes from custom monitoring may also be displayed after they are defined.

In addition to metrics, the following are shown:

• Performance, Availability and Security incident counts
• Performance, Availability and Security Status each derived from respective incident severities

Managing Devices in a Summary Dashboard

When you create a Summary Dashboard for the first time, no devices are displayed.

Complete these steps to add devices to the dashboard:

1. Click the device icon.
2. Choose devices to display from the Available Devices list and click the right arrow button.
3. Click OK.

If the devices do not display in the dashboard, check the pre-defined filters for Severity. You may want to set Severity to All Severities to see the device recently added. When there are a large number of devices being monitored, you may want to show only the devices with Critical + Warning severity, as they would need attention.

Complete these steps to remove a device from the dashboard:

1. Click the device icon.
2. Choose devices to display from the Selected Devices list and click the left arrow button.
3. Click OK.

Changing Display Columns

Complete these steps to change the pre-defined set of display columns in the Summary Dashboard:

1. Click the columns icon.
2. To remove a column, choose the column from the Selected Columns list and click the left arrow button.
3. To add a new column:
   1. Select an Event Types on the left-most tab
   2. Choose the Columns from the middle tab corresponding to the selected Event Types.
   3. Click right arrow.
4. Click OK.

Changing Refresh Interval

Select the refresh interval from the drop-down menu on the top-right menu.

Forcing a Refresh

To update the whole dashboard click the refresh icon on top-right menu.

Searching a Summary Dashboard

You can search for specific devices by entering values in the search field.

1. Select the fields to search by clicking the search icon.
2. Enter the search string in the search field.

You can also filter from the three pre-defined drop-down lists:

• Severity
• Organizations
• Locations

You can set the location property for devices from ADMIN > Settings > Discovery > Location.