vectra/detections Dashboards

Audit

The Audit dashboard provides comprehensive authentication monitoring and event analysis through security-focused visualizations. This dashboard enables tracking of login attempts, monitoring of successful authentications, and analysis of audit events across the Vectra environment.
Unified Dashboard

The Unified Dashboard presents integrated security detection analysis through severity-based visualizations. This dashboard enables monitoring of host severity levels, tracking of entity scores, and assessment of detection patterns across the security infrastructure.

Audit

The Audit dashboard provides comprehensive authentication monitoring and event analysis through security-focused visualizations. This dashboard enables tracking of login attempts, monitoring of successful authentications, and analysis of audit events across the Vectra environment.

Widget	Description	Type
Fail login events	Displays a chart of failed user logins over time. Hide Query Show Query logscale `#type="Vectra-Detect" AND role=* AND user != "null" AND result="failure" \| user=?user \| timechart("user")`	`Time Chart`
Successful login events	Displays a list of users who logged in successfully over time. Hide Query Show Query logscale `#type="Vectra-Detect" AND role=* AND user != "null" AND result="success" \| user=?user \| timechart("user")`	`Time Chart`
Audit events	Displays a list of all audit logs from Vectra Detect. Hide Query Show Query logscale `#type="Vectra-Detect" AND role=* \| result=?result \| message=?search \| select([@timestamp, user, privilege, result, message]) \| "User" := rename(user) \| "Role" := rename(privilege) \| "Result" := rename(result) \| "Activity" := rename(message)`	`Table`
Results	Displays a list of Vectra Detect results in pie chart format. Hide Query Show Query logscale `#type="Vectra-Detect" AND role=* \| user=?user \| result=?result \| message=?search \| groupBy(result)`	`Pie Chart`

Unified Dashboard

The Unified Dashboard presents integrated security detection analysis through severity-based visualizations. This dashboard enables monitoring of host severity levels, tracking of entity scores, and assessment of detection patterns across the security infrastructure.

Widget	Description	Type
Host by Severity	Displays a pie chart of host by severity (Low, Critical, High, Medium). Hide Query Show Query logscale `#type = "Vectra-Detect" AND (category="HOST SCORING" or category="ACCOUNT SCORING") \| case { threat <= 50 AND certainty <= 50 \| Severity := "LOW"; threat > 50 AND certainty > 50 \| Severity := "CRITICAL"; threat > 50 AND certainty <= 50 \| Severity := "HIGH"; threat <= 50 AND certainty > 50 \| Severity := "MEDIUM"; *} \| Severity=?severity \| groupBy("Severity")`	`Pie Chart`
Entities View	List accounts and hosts with associated score Hide Query Show Query logscale #type = "Vectra-Detect" \| in(category, values=["HOST SCORING", "ACCOUNT SCORING"]) \| case { threat <= 50 AND certainty <= 50 \| Severity := "LOW"; threat > 50 AND certainty > 50 \| Severity := "CRITICAL"; threat > 50 AND certainty <= 50 \| Severity := "HIGH"; threat <= 50 AND certainty > 50 \| Severity := "MEDIUM"; } \| Severity=?severity \| case { host_name \| Entity := host_name; account_uid \| Entity := account_uid; } \| "Host IP" := rename(host_ip)\| "Vectra URL" := rename(href) \| Entity=?entity \| groupBy(Entity, function={tail(1) \| "Host IP" := rename(host_ip)\| "Vectra URL" := rename(href) \| select([@timestamp, Severity, Entity, "Entity Dashboard", "Host IP", threat, certainty, "Vectra URL"])})	`Table`
Detections by category over Time	Detections by Type over Time Hide Query Show Query logscale #type = "Vectra-Detect" AND (category="BOTNET ACTIVITY" or category="EXFILTRATION" or category="COMMAND & CONTROL" or category="RECONNAISSANCE" or category="LATERAL MOVEMENT" or category="INFO") \| case { threat <= 50 AND certainty <= 50 \| Severity := "LOW"; threat > 50 AND certainty > 50 \| Severity := "CRITICAL"; threat > 50 AND certainty <= 50 \| Severity := "HIGH"; threat <= 50 AND certainty > 50 \| Severity := "MEDIUM"; } \|Severity=?severity \| case { host_name \| Entity:= host_name; account_uid \| Entity := account_uid; } \|Entity=?entity \|timechart(category)	`Time Chart`
Detections list	List of detections based on Entity name and severity. Hide Query Show Query logscale #type = "Vectra-Detect" AND (category="BOTNET ACTIVITY" or category="EXFILTRATION" or category="COMMAND & CONTROL" or category="RECONNAISSANCE" or category="LATERAL MOVEMENT" or category="INFO") \| case { threat <= 50 AND certainty <= 50 \| Severity := "LOW"; threat > 50 AND certainty > 50 \| Severity := "CRITICAL"; threat > 50 AND certainty <= 50 \| Severity := "HIGH"; threat <= 50 AND certainty > 50 \| Severity := "MEDIUM"; } \| Severity=?severity \| case { host_name \| Entity:= host_name; account_uid \| Entity := account_uid; } \| Entity=?entity \| groupBy("detection_id", function={tail(1)\| "Detection name" := rename(d_type_vname)\| "Vectra URL" := rename(href) \| time := rename(vectra_timestamp) \| select([time,triaged,category,Severity,Entity,host_ip,"Detection name",threat,certainty,"Vectra URL"])})	`Table`

Versions of this Page

Package Marketplace

Package Reference

Dashboard Reference

Package Management

Other Integrations

Log Formats

vectra/detections Dashboards

Audit

Unified Dashboard

Enter search term