Investigate using Cyber Shield Top 10 Dashboard

Abstract

The bubble chart displayed in the Top 10 Dashboard can be used to drill down to find the source of threat traffic or domain lookups.

For instance, at the top level of the Top 10 Dashboard for Observed Domains, the bubble chart shows the top 10 categories based on the number of events. If you drill down into a specific category, the chart shows the breakdown for all users, and if you drill down further, it shows the particular devices for those users that generated the domain requests.

To investigate the source of a Domain filtering or Traffic filtering event, follow the steps below:

  1. Navigate to Shield > Overview.

  2. Scroll down to the Top 10 Dashboard section.

  3. Select the desired timeframe from the time duration drop-down. The choices are This hour, Last 24 Hours, Last 7 Days, and Last 30 Days.

  4. Click the desired tab:

    • Observed domains

    • Blocked domains

    • Observed traffic

    • Blocked traffic

    The bubble chart is displayed.

  5. Click a bubble representing a category or threat priority.

    The next level of detail will display the Users, Networks, or Hosts that generated the events that fell into that category or threat priority as bubbles.

  6. Click a bubble representing a User, Network, or Host.

    The next level of detail will display the devices for the selected user or the Connectors for the Network or Host that generated the traffic.

  7. You can navigate back to a higher level of detail by clicking the breadcrumbs.

Tutorial showing a drill-down investigation using the Cyber Shield Top 10 Dashboard