Widget Dashboard
A Widget Dashboard displays a graphical view of FortiSIEM reports. The reports can be from CMDB data or Event data. The reports can be Top N type aggregated reports or non-aggregated reports, likely displaying raw messages. Aggregated reports can be displayed in various forms: gadgets, bar, donuts, tables, line, stacked line, scatter plot, heat maps, tree maps, and geo-maps.
- Creating a Widget Dashboard
- Data Source
- Populating a Widget Dashboard
- Modifying Widget Dashboard Layout
- Modifying Widget Information Display
- Searching in a Widget Dashboard
- Drill-down into a Widget
- Exporting Widget Dashboard Definition
- Importing Widget Dashboard
- Forcing a Refresh
Creating a Widget Dashboard
When you create a new dashboard, choose Widget Dashboard as the Type.
Data Source
All Event data and CMDB Data can be used to populate a Widget Dashboard.
Populating a Widget Dashboard
You can add up to a maximum of 20 event reports or CMDB reports to a Widget Dashboard. Complete these steps to add a report to a Widget Dashboard:
- Make sure the report of your choice exists. CMDB Reports can be found in CMDB > CMDB Reports. Event Reports can be found in RESOURCES > Reports.
- If the report exists, then run the report to make sure that data is accurate and the fields you want to see are present. Do not choose too many columns in a dashboard view, as may clutter the dashboard.
- If the report does not exist, then create the report and Save it. You can save it in a folder for easy navigation.
- Go to DASHBOARD tab. Select the dashboard folder from the drop-down list.
- Click + below the dashboard folder drop-down list. Select the report from the menu and click > to display it on the dashboard.
The report will run and the results will be displayed in the Widget Dashboard.
Modifying Widget Dashboard Layout
You can select one of two Widget Dashboard layouts from the Layout drop-down list on top-right menu of dashboard:
- Tile view - widgets can be of non-uniform size and can be dragged around the dashboard space.
- Column view - widgets are arranged in a fixed number of columns (1 or 3) in the dashboard space.
Modifying Widget Information Display
- Click the tools icon on the top-right of the widget to open the Settings page.
- To change the title, enter a new Title.
- To change the chart format, choose a new Display from the available choices, only if it is relevant for the report. FortiSIEM Charts and Views describes the available charts.
- To change the time duration of the report, choose a different Time.
- To modify the size of the widget, choose a different Width and Height. Widgets displayed in tabular formats typically take more width and height compared to Single Line view.
- To display more or fewer entries, choose the appropriate Result Limit. Note that a larger result limit may require more width and height.
- For a Service Provider installed in a Super/Global view, choose the Organizations to run the report for. This option is available if you run reports from the Super/Global view.
- To change the chart refresh interval, select the appropriate Refresh Interval. Reports will be re-run periodically at specified refresh intervals.
- To change the Trend Interval, select one of the following from the drop-down list:
Auto - (Default) Query is handled normally.
Hourly - Select this configuration for proper chart display if you want to check the data hourly.
Daily - Select this configuration for proper chart display if you want to check the data daily.
Weekly - Select this configuration for proper chart display if you want to check the data weekly. - Select Display Settings for the specific Display chosen before. FortiSIEM Charts and Views describes the required settings for each of the charts.
If the report contains nested query report, select a time range from “Nested Time” drop-down list for the inner query.
- Click Save.
Searching in a Widget Dashboard
You can search data for specific event attributes simultaneously in all the widgets in a dashboard. To do this, click the Filter button on left and select the values. You can search on any field that appears in at least one widget on a dashboard.
For example, if you choose to Filter on IP = 10.1.1.1, then only the entries for Source IP or Destination IP or Host IP = 10.1.1.1 are shown on all the widgets.
Note the following:
- The values you can search are pre-populated by searching through the data in various widgets. You can only search for a value if it is present in any widget on the dashboard.
- Without filters, a dashboard shows pre-computed results – so they load quickly. However, when you search, all the reports in the Widget Dashboard are run in an ad hoc mode. Subsequently, search results may return relatively slowly.
Drill-down into a Widget
To analyze the results shown in a widget further, click the magnifying glass icon on the top-right of the widget. This will take you to the ANALYTICS tab. The same query will be re-run slightly differently:
- Time conditions are maintained
- Filter conditions are maintained
- Aggregation conditions are removed and the field values and the raw messages are shown directly
This enables users to better understand the widget results. For example, if a column like AVG(CPU) is high over a time duration, then drill down shows all the individual CPU values over the time duration so that you can quickly go to the time when CPU spiked.
Exporting Widget Dashboard Definition
If you want to create the same dashboard in another FortiSIEM, or share with another user, or create the same dashboard for another Organization in a Service Provider FortiSIEM instance, use the export/import feature.
To export the dashboard definition, click the export button on top-right. The definition will be saved in a file, which then can be imported into another FortiSIEM Widget Dashboard.
Importing a Widget Dashboard
To import a dashboard widget, click the import button on top-right and select the file. The imported file must be exported from another FortiSIEM Widget Dashboard.
Forcing a Refresh
To update the whole dashboard, click the refresh icon on the top-right menu.