SIEM (HIDS) Dashboard Overview

Created by Jaseem Masood, Modified on Tue, 13 May at 4:59 PM by Jaseem Masood

The SIEM (HIDS) dashboard provides a centralized view of Host-based Intrusion Detection System (HIDS) alerts and monitored assets. 



Filter by agent and time period

The SIEM (HIDS) dashboard includes a filter panel on the right-hand side, allowing you to narrow the displayed data down to specific agents and time periods. Every panel described below is rebuilt from the alerts that match the current filter.



Alerts Chart

  • Visual representation of alerts over time per device, enabling pattern recognition and quick issue identification.


Top Tactics

  • Displays the most frequently used MITRE ATT&CK tactics associated with detected threats.

  • Helps security teams identify common attacker behaviors.


MITRE Techniques by Agent

  • Visualizes which MITRE ATT&CK techniques were triggered, grouped by agent.

  • Useful for agent-level threat mapping and response planning.


Vulnerability

  • Four separate cards represent the number of vulnerabilities detected, categorized by severity:

    • Critical Vulnerabilities

    • High Vulnerabilities

    • Medium Vulnerabilities

    • Low Vulnerabilities

  • These indicators help prioritize remediation based on risk impact.


Alert Level Evolution (Graph)

  • Shows a time-based area chart of alerts categorized by severity levels.

  • Allows tracking of alert volume trends over time.



MITRE Panels (Top Tactics & Attacks by Technique)

  • Reserved panels for future display of attack tactics and techniques per MITRE ATT&CK mapping.

  • Useful for classifying and understanding attacker goals and methods when data is available.


Registry Activity Counters

  • Displays the count of key registry-related and remote-session events that may indicate suspicious behavior:

    • Registry Value Entry Deleted

    • Registry Key Entry Added

    • Registry Key Deleted

    • Host Anomaly Detection

    • Remote Desktop Connected

    • Remote Desktop Disconnected

  • These counters help identify unauthorized or unusual modifications to the system registry, as well as remote session activity that may warrant review.


MITRE Attack Logs

  • A tabular view of detected attack events with the following details:

    • Time – When the event occurred

    • Agent Name – Identifier for the host agent

    • Agent IP – IP address of the affected system

    • Tactic – MITRE tactic (currently not populated)

    • Description – Explanation of the detected action (e.g., logon failure)

    • Level – Severity level of the detection

This log enables SOC teams to track endpoint-level attack patterns and respond to behavioral anomalies promptly.
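Every panel above is an aggregation over the same stream of HIDS alerts, narrowed by the filter panel's agent and time selection. The Python below is an added illustration and not the dashboard's or any HIDS product's own code: it applies an agent/time filter and then derives the Alerts Chart, Top Tactics, MITRE Techniques by Agent, Vulnerability cards, Alert Level Evolution, Registry Activity Counters and MITRE Attack Logs table from constructed sample records. The record layout (ts, agent, ip, level, tactic, technique, desc; agent and severity for vulnerability findings), the hourly bucketing and the description strings matched by the counters are assumptions made for the example, not the product's schema.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample HIDS alerts. Assumed schema (not the product's): ISO timestamp, agent
# name/IP, rule level 0-15, optional MITRE tactic/technique (None if unmapped), description.
SAMPLE_ALERTS = [
    {"ts": "2025-05-13T09:05:00", "agent": "web-01", "ip": "10.0.1.10", "level": 5,
     "tactic": "Credential Access", "technique": "T1110", "desc": "Windows logon failure"},
    {"ts": "2025-05-13T09:12:00", "agent": "web-01", "ip": "10.0.1.10", "level": 5,
     "tactic": "Credential Access", "technique": "T1110", "desc": "Windows logon failure"},
    {"ts": "2025-05-13T09:40:00", "agent": "dc-01", "ip": "10.0.0.5", "level": 7,
     "tactic": "Defense Evasion", "technique": "T1112", "desc": "Registry key deleted"},
    {"ts": "2025-05-13T10:03:00", "agent": "dc-01", "ip": "10.0.0.5", "level": 3,
     "tactic": None, "technique": None, "desc": "Registry key entry added"},
    {"ts": "2025-05-13T10:15:00", "agent": "fs-02", "ip": "10.0.2.20", "level": 10,
     "tactic": "Lateral Movement", "technique": "T1021.001", "desc": "Remote Desktop connected"},
    {"ts": "2025-05-13T10:50:00", "agent": "fs-02", "ip": "10.0.2.20", "level": 3,
     "tactic": None, "technique": None, "desc": "Remote Desktop disconnected"},
    {"ts": "2025-05-13T11:02:00", "agent": "web-01", "ip": "10.0.1.10", "level": 12,
     "tactic": "Credential Access", "technique": "T1003", "desc": "Host anomaly detection"},
]

# Constructed vulnerability findings (assumed schema: agent plus severity label).
SAMPLE_VULNS = [
    {"agent": "web-01", "severity": "Critical"}, {"agent": "web-01", "severity": "High"},
    {"agent": "dc-01", "severity": "High"}, {"agent": "fs-02", "severity": "Medium"},
]

SEVERITIES = ("Critical", "High", "Medium", "Low")  # the four vulnerability cards

# Descriptions behind the Registry Activity Counters (assumed wording, matched case-insensitively).
COUNTER_KEYS = (
    "Registry value entry deleted", "Registry key entry added", "Registry key deleted",
    "Host anomaly detection", "Remote Desktop connected", "Remote Desktop disconnected",
)


def hour_bucket(ts):
    """Truncate an ISO timestamp to the hour (assumed x-axis granularity for the charts)."""
    return datetime.fromisoformat(ts).strftime("%Y-%m-%dT%H:00")

def filter_alerts(alerts, agents=None, start=None, end=None):
    """Filter panel: keep alerts from the selected agents whose time lies inside [start, end]."""
    lo = datetime.fromisoformat(start) if start else datetime.min
    hi = datetime.fromisoformat(end) if end else datetime.max
    return [a for a in alerts
            if (not agents or a["agent"] in agents)
            and lo <= datetime.fromisoformat(a["ts"]) <= hi]

def alerts_chart(alerts):
    """Alerts Chart: alert count per (agent, hour) series point."""
    return Counter((a["agent"], hour_bucket(a["ts"])) for a in alerts)

def top_tactics(alerts, n=3):
    """Top Tactics: most frequent MITRE tactics; alerts with no tactic mapping are skipped."""
    return Counter(a["tactic"] for a in alerts if a["tactic"]).most_common(n)

def techniques_by_agent(alerts):
    """MITRE Techniques by Agent: {agent: {technique: count}}."""
    out = defaultdict(Counter)
    for a in alerts:
        if a["technique"]:
            out[a["agent"]][a["technique"]] += 1
    return {agent: dict(c) for agent, c in out.items()}

def vulnerability_cards(vulns):
    """Vulnerability cards: one count per severity, reported as zero when none were found."""
    found = Counter(v["severity"] for v in vulns)
    return {s: found.get(s, 0) for s in SEVERITIES}

def alert_level_evolution(alerts):
    """Alert Level Evolution: {hour: {level: count}}, one stacked area series per level."""
    out = defaultdict(Counter)
    for a in alerts:
        out[hour_bucket(a["ts"])][a["level"]] += 1
    return {hour: dict(c) for hour, c in sorted(out.items())}

def activity_counters(alerts):
    """Registry Activity Counters: occurrences of each tracked description."""
    seen = Counter(a["desc"].lower() for a in alerts)
    return {k: seen.get(k.lower(), 0) for k in COUNTER_KEYS}

def attack_log_rows(alerts):
    """MITRE Attack Logs: (Time, Agent Name, Agent IP, Tactic, Description, Level), newest first."""
    rows = [(a["ts"], a["agent"], a["ip"], a["tactic"] or "", a["desc"], a["level"])
            for a in alerts]  # Tactic is blank when the rule carries no mapping
    return sorted(rows, key=lambda r: r[0], reverse=True)


if __name__ == "__main__":
    window = filter_alerts(SAMPLE_ALERTS, start="2025-05-13T09:00:00", end="2025-05-13T12:00:00")
    print("Top tactics:", top_tactics(window))
    print("Vulnerability cards:", vulnerability_cards(SAMPLE_VULNS))
    print("Activity counters:", activity_counters(window))
    for row in attack_log_rows(window):
        print(row)
```

Two details worth noticing when reading real data this way: the blank Tactic column mirrors the table above, where rules without a MITRE mapping simply produce no tactic, so "Top Tactics" only ever reflects the mapped subset of alerts; and the activity counters match on the rule description text, so a counter silently reads zero if the rule wording changes.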

