XDR Dashboard

Note

To use these features, you can add the XDR package to your instance of the Cybereason platform for an additional cost. Contact your Customer Success Manager for details about this package.

Use the XDR Dashboard to quickly review all security events in your organization’s environment.

To view the XDR Dashboard, navigate to the XDR > XDR Dashboard screen.

XDR Dashboard screen

The XDR Dashboard displays the following types of security information:

Use-case

Description

Enterprise Risk

Areas of concern for your organization.

You can see MalOps created by Cybereason XDR and suspicious events ingested from your connected integrations.

Note

The Dashboard includes XDR MalOps only, not MalOps generated by EDR or EPP data.

Along with the MalOps and suspicious events, the dashboard displays the top MITRE ATT&CK tactics/techniques associated with detected activity. This helps you understand the attack stages and attacker behaviors of events in your environment.

XDR Health

A summary of your XDR integrations to ensure they are working as expected.

You can see events ingested over time, which helps you continually verify that data is ingested into Cybereason XDR from all data sources.

In addition, you can view the integration health status for each connected integration, and see which integrations are reporting the highest volume of data.

The XDR dashboard contains both a high-level and a detailed summary of Cybereason XDR in your environment.

Note

Managed integrations added in collaboration with the Cybereason GSOC are not included with the data displayed in the XDR Dashboard today. The ability to show these integrations is planned and will be included in the future.

At the top of the Dashboard, you can view the summary header, which provides a high-level, summarized view of all activity for the selected time period:

Header summary for the XDR Dashboard screen

This summary provides cumulative totals for:

  • Total ingested events from all connected integrations

  • Total suspicious events

  • Total MalOps

  • Total Active MalOps

  • Total connected integrations

  • Integration Health Status

In this summary, you can view the total number of events ingested, not all of which are malicious. However, as you move to the right of the summary, the other data points for suspicious events and MalOps help you focus on the areas that require your immediate attention and investigation.

When you need more details on any of these areas, you can use the graphs included as part of the Dashboard, which include:

Graph

Details

Alert noise reduction

This graph displays a percentage that represents the decrease in the number of incidents you must manually investigate and triage in your environment due to the use of the MalOp correlation engine.

Alert noise reduction graph in the XDR Dashboard

Active MalOps severity

This graph provides the total number of MalOps, based on the calculated severity of the MalOp:

MalOps by severity graph in the XDR Dashboard

You can assess the overall severity of threats in your environment through the total number of MalOps for each severity level. Use the XDR MalOps screen to then view and analyze these MalOps.

Note

The Dashboard includes XDR MalOps only, not MalOps generated by EDR or EPP data.

For details on how to find and analyze XDR MalOps, see Examine XDR Malops. For details on the severity levels, see Suspicious Events Severity Scores.

MalOps by status

This graph displays the total number of MalOps for each investigation status.

MalOps by status graph in the XDR Dashboard

You and your analysts mark the status in the Overview tab of the details view for the MalOp.

With this graph, you can understand if MalOps have been analyzed and addressed in a timely manner by your team.

Top 10 MalOps by name

In this graph, you can see which types of MalOps most frequently occur in your environment.

Top MalOps by name graph in the XDR Dashboard

Because MalOps are generated by the MalOp correlation engine, this graph enables you to easily view which types of attacks are occurring in your environment.

Top MITRE tactics

This graph displays up to five of the most frequently reported MITRE ATT&CK tactics associated with suspicious events and MalOps reported to and detected by Cybereason XDR.

Top MITRE tactics graph in the XDR Dashboard

The tactics included in this graph help you understand the most frequent types of attacks and their place in the attack cycle for reported and detected behavior.

Top MITRE techniques

This graph displays up to five of the most frequently reported MITRE ATT&CK techniques associated with suspicious events and MalOps reported to and detected by Cybereason XDR.

Top MITRE techniques graph in the XDR Dashboard

The techniques included in this graph help you understand the most frequent behaviors used by attackers for reported and detected behavior.

Top integrations by volume

This graph shows up to 5 of your integrations that report the highest number of events to Cybereason XDR.

Top integrations by volume graph in the XDR Dashboard

You can use this data to spot areas of concern in your organization, such as potential network attacks with a large number of events from your firewall-based integrations. Likewise, you can use this data to help fine-tune the configuration from integrated platforms if the number of reported events is much higher or lower than expected.

Note

The data displayed in this graph does not change when you update the time filter in the dashboard.

Events ingested over time

This graph shows a trend of all events ingested over time, as well as the total number of events at specific data points in the selected time frame.

Events over time graph in the XDR Dashboard

Events over time graph at a specific point in the XDR Dashboard

With the data, you can ensure that data from your integrations is continually ingested into Cybereason XDR, per integration. You can also see trends in the increase or decrease of total events.

When you use the XDR Dashboard, you can update the time period for which data is displayed:

  • Last week

  • Last month

  • Last 6 months

Time filter for the XDR Dashboard

As you change the time period, the XDR Dashboard updates with data from that time period.