3 Using the QRadar SIEM dashboard

© Copyright IBM Corporation 2013

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
Objectives
After completing this unit, you should be able to perform the
following tasks:
• Navigate the default dashboard
• Customize dashboards

© Copyright IBM Corporation 2013 2

Lesson 1. Navigating the Dashboard tab

© Copyright IBM Corporation 2013

Course materials may not be reproduced in whole or in part without the prior written permission of IBM.
Dashboard overview
• QRadar SIEM shows the Dashboard tab when you log in.
• You can create multiple dashboards.
• Each dashboard can contain items that provide summary and
detailed information.
• Six default dashboards are available.
• You can create custom dashboards to focus on your security or
operations responsibilities.
• Each dashboard is associated with a user. Changes that you
make to a dashboard do not affect the dashboards of other
users.

© Copyright IBM Corporation 2013 4

Instructor demonstration of the dashboard

© Copyright IBM Corporation 2013 5

Default dashboard
Click a tab to load it. Tabs Tables and charts

© Copyright IBM Corporation 2013 6

QRadar SIEM tabs

Use tabs to navigate the primary QRadar SIEM functions

• Dashboard: The initial summary view
• Offenses: Displays offenses; list of prioritized incidents
• Log Activity: Query and display events
• Network Activity: Query and display flows
• Assets: Query and display information about systems in your
network
• Reports: Create templates and generate reports
• Admin: Administrative system management
© Copyright IBM Corporation 2013 7
Other menu options

The dashboard has the following additional menu options:

• Preferences

• Help

• Logout

© Copyright IBM Corporation 2013 8

Context-sensitive help
Click the question mark in any window to access help for the
current page.

© Copyright IBM Corporation 2013 9

Dashboard refresh
• In the displayed Pause/Play Refresh
dashboard, events
and flows refresh
every minute unless
you click Pause.
• Use the Refresh
button to manually
refresh the displayed
data.

© Copyright IBM Corporation 2013 10

Lesson 2. Customizing a dashboard

© Copyright IBM Corporation 2013

Course materials may not be reproduced in whole or in part without the prior written permission of IBM. 11
Dashboard variety
• QRadar SIEM includes the following default dashboards:
 Application Overview
 Compliance Overview
 Network Overview
 System Monitoring
 Threat and Security Monitoring
 Vulnerability Management
• Use multiple dashboards to better organize data
For example, a single user can have the following dashboards:
 Databases
 Critical Applications
to show log and network activity of these systems.

© Copyright IBM Corporation 2013 12

Creating a custom dashboard
Show Dashboard: New Dashboard: Add item:
Select a dashboard Create a new dashboard Add an item
to view. empty of items. to dashboard.

© Copyright IBM Corporation 2013 13

Items
Include no more than 15 items on each dashboard.

© Copyright IBM Corporation 2013 14

Managing dashboard items
Click Add Item to place additional objects on the dashboard.
Click the green icon to detach the object from the interface to the desktop.
Click the yellow icon to modify the settings of an object.
Click the red icon to delete an object from the dashboard.

© Copyright IBM Corporation 2013 15

Student exercise
Use the procedures in the Student
Exercises Guide to create a new
dashboard.

© Copyright IBM Corporation 2013 16

Summary
Now that you have completed this unit, you should be able to
perform the following tasks:
• Navigate and customize the user interface
• Customize dashboards

© Copyright IBM Corporation 2013 17