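<?xml version="1.0" encoding="UTF-8"?>
<!-- Copyright 2018, Trend Micro -->
<!--
  Splunk SimpleXML form: Deep Security Anti-Malware Dashboard.

  Three panels over the Deep Security anti-malware sourcetypes
  (deepsecurity-antimalware and deepsecurity-antimalware:json), all bound to
  the single "timeframe" time picker declared in the fieldset below.

  None of the searches carries an index= constraint, so each one runs against
  the viewing role's default search indexes. NOTE(review): confirm those
  defaults include the index Deep Security events are written to, or scope the
  searches explicitly; otherwise the panels silently show nothing.

  The searchString / earliestTime / latestTime children are the older SimpleXML
  search syntax. They are kept as-is because the file uses that form throughout.
-->
<form>
  <label>Deep Security Anti-Malware Dashboard</label>

  <!-- Shared time picker; with no Submit button the panels re-run as soon as the range changes. -->
  <fieldset submitButton="false">
    <input type="time" token="timeframe">
      <label>Time Frame</label>
      <!-- Default window: the previous 24 hours, earliest snapped to the hour boundary. -->
      <default>
        <earliestTime>-24h@h</earliestTime>
        <latestTime>now</latestTime>
      </default>
    </input>
  </fieldset>

  <row>
    <panel>
      <!-- Stacked column chart of event volume over time, one series per anti-malware action (at most 10). -->
      <chart>
        <title>Anti-Malware Event History</title>
        <searchString>(sourcetype=deepsecurity-antimalware OR sourcetype=deepsecurity-antimalware:json) | timechart count by action limit=10</searchString>
        <earliestTime>$timeframe.earliest$</earliestTime>
        <latestTime>$timeframe.latest$</latestTime>
        <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
        <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
        <!-- timechart chooses its bucket span from the selected range, so the X axis is not
             always hourly; a neutral title avoids mislabelling longer or shorter windows. -->
        <option name="charting.axisTitleX.text">Time</option>
        <option name="charting.axisTitleX.visibility">visible</option>
        <option name="charting.axisTitleY.text">Events</option>
        <option name="charting.axisTitleY.visibility">visible</option>
        <option name="charting.axisTitleY2.visibility">visible</option>
        <option name="charting.axisX.scale">linear</option>
        <option name="charting.axisY.scale">linear</option>
        <option name="charting.axisY2.enabled">false</option>
        <option name="charting.axisY2.scale">inherit</option>
        <option name="charting.chart">column</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <!-- Pie-chart option; has no effect on a column chart but is harmless. -->
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.chart.stackMode">stacked</option>
        <option name="charting.chart.style">shiny</option>
        <!-- Clicking any column opens the underlying search for that bucket/series. -->
        <option name="charting.drilldown">all</option>
        <option name="charting.layout.splitSeries">0</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
        <option name="charting.legend.placement">right</option>
      </chart>
    </panel>
  </row>

  <row>
    <panel>
      <!-- Top 5 detected signatures in the window. "top" also emits count and percent,
           which the rename turns into the displayed column headers. -->
      <table>
        <title>Anti-Malware Activity</title>
        <searchString>(sourcetype=deepsecurity-antimalware OR sourcetype=deepsecurity-antimalware:json) | top limit=5 signature | rename signature as "Malware Name" count AS "Event Count" percent AS "Percent of Total"</searchString>
        <earliestTime>$timeframe.earliest$</earliestTime>
        <latestTime>$timeframe.latest$</latestTime>
        <option name="wrap">true</option>
        <option name="rowNumbers">false</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <!-- Rows per page; the search returns at most 5 rows, so this never paginates. -->
        <option name="count">10</option>
      </table>
    </panel>
    <panel>
      <!-- Top 5 reporting hosts (dvchost) in the window; same shape as the signature table. -->
      <table>
        <title>Anti-Malware Computer Activity</title>
        <searchString>(sourcetype=deepsecurity-antimalware OR sourcetype=deepsecurity-antimalware:json) | top limit=5 dvchost | rename dvchost as "Computer Name" count AS "Event Count" percent AS "Percent of Total"</searchString>
        <earliestTime>$timeframe.earliest$</earliestTime>
        <latestTime>$timeframe.latest$</latestTime>
        <option name="wrap">true</option>
        <option name="rowNumbers">false</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <!-- Rows per page; the search returns at most 5 rows, so this never paginates. -->
        <option name="count">10</option>
      </table>
    </panel>
  </row>
</form>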