
How to Create a Dashboard in Logger

Go to Search > Analyze.
Execute the following queries, then configure each chart from Chart Settings.

1. TippingPoint Signature Events

deviceVendor != "ArcSight" | top deviceAddress | rename _count as Signatures | rename deviceAddress as "TippingPoint Device"

2. Top 10 Drops from Firewall

categoryDeviceGroup = "/Firewall" AND categoryObject STARTSWITH "/Host/Application/Service" AND (categoryBehavior STARTSWITH "/Access" OR categoryBehavior = "/Communicate/Query") AND categoryOutcome = "/Failure" | top sourceAddress | rename _count as Drops | rename sourceAddress as "Source Address"

3. Microsoft_Top_10_Failed_Login_Users

deviceProduct = "Microsoft" AND categoryObject STARTSWITH "/Host/Application/Service" AND (categoryBehavior STARTSWITH "/Access" OR categoryBehavior = "/Communicate/Query") AND categoryOutcome = "/Failure" | top sourceAddress | rename _count as Drops | rename sourceAddress as "Source Address"

4. Firewall_Top_10_Target_Address

categoryDeviceGroup = "/Firewall" AND categoryOutcome = "/Failure" AND destinationAddress IS NOT NULL | top destinationAddress | rename _count as Drops | rename destinationAddress as "Target Address"
1|Page
@Anirudh

5. EPM_Top_Event_Sources

deviceVendor != "ArcSight" | top deviceProduct | rename _count as EventCount
deviceVendor != "ArcSight" | top deviceVendor | rename _count as EventCount
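As an added example (not part of the original document), the following Python emulates what query 2 does: the AND/OR/STARTSWITH filter, then `top` on sourceAddress with the column renames the chart expects. The field names are ArcSight's; the events are constructed here, and the chart limit of 10 is the Display Limit used later in this guide.

```python
from collections import Counter

# Constructed sample events using ArcSight CEF field names (not real traffic).
EVENTS = [
    {"categoryDeviceGroup": "/Firewall", "categoryObject": "/Host/Application/Service",
     "categoryBehavior": "/Access/Start", "categoryOutcome": "/Failure", "sourceAddress": "10.0.0.5"},
    {"categoryDeviceGroup": "/Firewall", "categoryObject": "/Host/Application/Service",
     "categoryBehavior": "/Access", "categoryOutcome": "/Failure", "sourceAddress": "10.0.0.5"},
    {"categoryDeviceGroup": "/Firewall", "categoryObject": "/Host/Application/Service/HTTP",
     "categoryBehavior": "/Access", "categoryOutcome": "/Failure", "sourceAddress": "10.0.0.5"},
    {"categoryDeviceGroup": "/Firewall", "categoryObject": "/Host/Application/Service",
     "categoryBehavior": "/Communicate/Query", "categoryOutcome": "/Failure", "sourceAddress": "10.0.0.9"},
    {"categoryDeviceGroup": "/Firewall", "categoryObject": "/Host/Application/Service",
     "categoryBehavior": "/Access", "categoryOutcome": "/Failure", "sourceAddress": "10.0.0.9"},
    # Excluded: permitted connection (categoryOutcome is /Success, not /Failure).
    {"categoryDeviceGroup": "/Firewall", "categoryObject": "/Host/Application/Service",
     "categoryBehavior": "/Access", "categoryOutcome": "/Success", "sourceAddress": "10.0.0.5"},
    # Excluded: not a firewall device group.
    {"categoryDeviceGroup": "/IDS", "categoryObject": "/Host/Application/Service",
     "categoryBehavior": "/Access", "categoryOutcome": "/Failure", "sourceAddress": "10.0.0.7"},
]


def matches_firewall_drop(ev):
    """Filter part of query 2: firewall access/query attempts that failed."""
    obj = str(ev.get("categoryObject", ""))
    beh = str(ev.get("categoryBehavior", ""))
    return (
        ev.get("categoryDeviceGroup") == "/Firewall"
        and obj.startswith("/Host/Application/Service")
        and (beh.startswith("/Access") or beh == "/Communicate/Query")
        and ev.get("categoryOutcome") == "/Failure"
    )


def top(events, field, count_label, field_label, limit=10):
    """Emulate `| top <field> | rename _count as <count_label> | rename <field> as "<field_label>"`."""
    counts = Counter(ev[field] for ev in events if ev.get(field) is not None)
    return [{field_label: value, count_label: n} for value, n in counts.most_common(limit)]


def top_10_firewall_drops(events):
    """Rows the 'Top 10 Drops from Firewall' chart would plot, highest count first."""
    return top(filter(matches_firewall_drop, events), "sourceAddress", "Drops", "Source Address")


if __name__ == "__main__":
    for row in top_10_firewall_drops(EVENTS):
        print(row)
```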

Change the time range as required; the dashboard data is populated for the given time period.
Start time: $Now -1h
End Time: $Now

Click on Chart Settings to modify the Chart Title, Chart Type and Display Limit.
Chart Type: Column


Display Limit: 10

Click on Apply to update the chart.


Click on Save to save the search query.

Enter a name for the saved query, click on Saved Search and click on Save.

Now go to the Dashboard tab, select the dashboard where you want to add the chart, and click on Tools > Add Panel.


From the Add Panel menu, select the type of panel (Chart or Table).

Enter the values for the following parameters:


Type: Search Results (Chart)
Title: Top_10_Event_Sources
Saved Search: Top_10_Event_Sources
Chart Type: Column
Chart Limit: 10


Click on Add to add the panel into the dashboard.


To display the results as a chart, append the following to the end of the search query:
| top <x-axis field name> | rename _count as <fieldname> | rename <x-axis field name> as "x-axis

