When I build a dashboard and have geolocation of Source IP and Destination IP, I am getting all spots in blue color, but I want to differentiate based upon count.
Let's say we are getting more threats from a single location; then the dot on that location should be red in color instead of blue (currently I am getting a big dot).
I also have another doubt: are the Source and Destination IPs that we are getting in the ESM dashboard the IP addresses of the threats?
The blue dot will not grow based upon volume of events. It will grow based upon the event severity scoring.
If you go into the props of the GEOLOC map, you can turn on baselining, which will give you "red" dots, which will denote past history of events.