Showing results for 
Search instead for 
Did you mean: 

SIEM Foundations: Configure User-specific ESM Settings


Each user who logs into ESM has a few settings that should be set to best match the user's needs.  User options can be accessed via the options link in the top-right corner.


There are a fairly wide range of different options here for the user to review, but two options are important to configure early in your work with ESM.


Configure User Time Zone

ESM allows each user to configure the time zone in which they would like to view events within the ESM UI.  Events are stored in the ESM database normalized to GMT, but are always displayed in the user's configured time zone.  This value defaults to GMT for each new user.  If it is not adjusted, then the timeframes displayed in the ESM UI may be confusing to some users.


As a consistency check, the time shown in the lower-right corner of the ESM UI should typically match the time displayed on the local user's workstation, as shown in the screenshot below.



Configure User Default Views

Each user also has a number of configurable views that should be set early on.  The default views (Default Summary) are helpful in some circumstances, but do not necessarily provide the best initial view into your enterprise data.  Over time, it is typical for users to craft their own views to meet their unique needs.  However, the selections shown below make a good starting point:


Default System View: This is the view that is displayed when first logging into the ESM.  It's also the view that is displayed when the user selects the Home icon in the top-center if the ESM UI.  Suggested initial default: Dashboard Views/Incidents Dashboard.  This view highlights correlated events, which are often among the more interesting things that the SIEM can highlight.


Event Summarize View: This view is displayed when the user pivots using the Summarize option on events.  See for more details on the Summarize feature.  It's useful to have a view here that provides a great deal of event detail in a single pane.  Suggested default: Dashboard Views/Normalized Dashboard


Flow Summarize View: This view is displayed when the user pivots using the Summarize option on flows.  See for more details on the Summarize feature.  It's useful to have a view here that provides a great deal of flow detail in a single pane.  Suggested default: Flow Views/Default Flow Summary





« previousoutlinenext »

Labels (1)

That is great, however once we do a drilldown (Pancake > Event Drilldown > Evens) there is a table with some fields in it by default.

How can we change the fields shown by default in this kind of view (For all next drilldown on events)?

Unfortunately, I'm not aware of a way to change the default columns that show up when you do a drill down to event details in this manner.  Your best option would be to create a custom view with an Event Details panel configured the way you want it, and switch to that view when needed.  In most cases, I will include a panel like this in my default Summarize view.  If you choose "Pancake > Summarize" instead of "Pancake > Event Drilldown > Events" this would accomplish your goal without adding any extra clicks.


Hi Scott,

Thx for looking into this. Too bad it isn't possible at this time. Sometimes users want different/other fields when running that command on any of the dashboards

Version history
Revision #:
3 of 3
Last update:
‎03-15-2018 12:24 PM
Updated by:

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community