Common curated dashboards overview

Supported in:

Google secops Siem

This document provides an overview of the common curated dashboards. These dashboards provide an out-of-the-box experience that lets you visualize and monitor important security metrics.

User sign in overview dashboard

The user sign-in overview dashboard provides a comprehensive analysis of authentication activities, helping you identify and monitor sign-in events. This helps you detect potentially risky users, analyze sign-in statuses and trends, and understand geographical activity and associated hosts. You can also investigate unusual login behaviors, swiftly respond to potential security breaches, and maintain robust security through continuous monitoring and proactive threat detection. This dashboard captures events from all ingested log sources, relying on available and correctly parsed UDM fields for accurate results.

Firewall activity monitoring dashboard

The firewall activity monitoring dashboard provides an overview of firewall status and traffic. It enables effective threat management by analysing blocked traffic versus allowed traffic and identifying top destination IPs. Additionally, it supports performance monitoring by tracking rule effectiveness and changes. It also helps in prioritizing and responding to critical vulnerabilities and highlights suspicious traffic patterns.

Sysmon monitoring dashboard

The sysmon monitoring dashboard provides an overview of process creations, network connections, and file changes, helping security analysts, security infrastructure managers, security managers, and auditors interpret sysmon activities, identify suspicious behavior, and track potential threats for rapid response. This facilitates effective threat management, supports performance monitoring, and enables efficient prioritization and response to critical security events.

Web Application Firewall (WAF) monitoring dashboard

The Web Application Firewall (WAF) monitoring dashboard provides real-time insights into web application security. It offers a comprehensive overview of WAF status, facilitates effective threat management by analyzing traffic and attack patterns, supports performance monitoring, and enables prioritized responses to critical security concerns.

DNS monitoring dashboard

The DNS monitoring dashboard provides a centralized view of DNS performance and activity, offering insights into query types, top source IPs, and various event statistics, including total, allowed, and denied DNS events.

Multi-factor Authentication (MFA) monitoring dashboard

The Multi-factor Authentication (MFA) monitoring dashboard provides a comprehensive overview of MFA activities, facilitates effective threat management, supports performance monitoring, and enables prioritized responses to critical security concerns.

Network traffic overview dashboard

The network traffic overview dashboard provides real-time insights into network data flows, enabling them to efficiently monitor, analyze, and address network activities. This dashboard assesses traffic patterns, protocol distributions, and event classifications to identify anomalies and irregular behaviors.

Port and protocol overview dashboard

The port and protocol overview dashboard provides a thorough analysis of network ports and protocols, offering real-time and historical data on port activity, protocol utilization, and potential vulnerabilities. This dashboard helps maintain network security, optimize performance, and ensure compliance.

Need more help? Get answers from Community members and Google SecOps professionals.