Detections Dashboard

| Widget | Description | Type |
| --- | --- | --- |
| Most recent detections | Displays a list of recent external API events, arranges them in order of severity (low, medium, high, and critical), then limits results to the first 1000 entries. | Table |
| Source users most involved in detections | Displays a table of source users most involved in detections. | Table |
| Low | Displays the number of events with a low severity rating (greater than or equal to 20, and less than or equal to 39). | Single Value |
| Critical | Displays events defined as Critical severity. | Single Value |
| Medium | Displays events considered medium severity, with a rating greater than 40 but less than 59. | Single Value |
| Detections by severity | Displays a chart of event detections by severity (information, low, medium, high, and critical). | Time Chart |
| MITRE Tactics and Techniques Details | Displays a table of MITRE ATT&CK tactics and techniques, and their associated severity level (information, low, medium, high, and critical). | Table |
| Detections by name | Displays a list of detections by name. | Table |
| High | Displays the number of events given a 'high' severity rating (greater than or equal to 60, and less than or equal to 79). | Single Value |
| Source endpoints most involved in detections | Displays a table of source endpoints most involved in system detections. | Table |
| MITRE Tactics and Techniques Overview | Displays an overview list of MITRE tactics and techniques. | Heat Map |

Event Analysis Dashboard

| Widget | Description | Type |
| --- | --- | --- |
| Time Chart of Total AD Password Changes | Displays a chart of total Active Directory password changes by domain name. | Time Chart |
| Top AD Account Lockouts by Username | Displays a chart of top Active Directory account lockouts by username. | Bar Chart |
| Top AD User Names with the Most Change Events | Displays a list of top usernames with the most Active Directory (AD) change events based on domain. | Bar Chart |
| Time Chart of Active Directory Account Changes | Plots the changes to the account within Active Directory. | Time Chart |
| Top AD Password Changes by Username | Displays a chart of top Active Directory password changes by username. | Bar Chart |
| AD Account Creations by Username | Displays a table of Active Directory account creations by username, arranged by domain. | Table |
| Top SSO Authentication Failures by Username | Displays a list of top SSO authentication failures by username. | Table |
| Top AD Authentication Failures by Username | Displays a table of top AD authentication failures by username. | Table |

Identity-based Detections

| Widget | Description | Type |
| --- | --- | --- |
| Identity-based Detections | Displays a table of identity-based detections, their associated details, and their associated severity rating, then limits results to the first 1000 entries. | Table |

Threat Hunter

| Widget | Description | Type |
| --- | --- | --- |
| Privilege Escalation Detections | Displays a table of IDP escalation detections and summarizes their details, including account name, domain, policy rule name, source endpoint name, and added privileges. | Table |