cancel
Showing results for 
Search instead for 
Did you mean: 

How to create a New Dashboard in ESM

Jump to solution

Hello All,

I have added one static Watch List recently to our ESM. I would like to set up a dashboard for that to see if any events are received which has IP from that watch list. Can anybody help me on how to create a new dashboard please ? Thanks in advance.

1 Solution

Accepted Solutions
McAfee Employee andy777
McAfee Employee
Report Inappropriate Content
Message 6 of 11

Re: How to create a New Dashboard in ESM

Jump to solution

In that case, while in the View Editing mode, you can go to the top left drill down menu on the component filtering for your watchlist and drill down to Event Drilldown | Network | Destination IPs and another component will be created and bound to the first. All of the IP's will be in the list and you can select an IP from the original component to drill down to the specific Destination IP addresses. You can drill down to additional fields in the same way to build out your dashboard.

drilldown-edit.png

10 Replies
McAfee Employee andy777
McAfee Employee
Report Inappropriate Content
Message 2 of 11

Re: How to create a New Dashboard in ESM

Jump to solution

Please check out this awesome video by Kara for a training session on views.

To your specific question though:

1. Create a new view or edit an existing one.

2. Drag out the component you would like to display the data (bar/pie/table).

3. Select Source IPs, click Next.

4. Click Filters. Type Source IP into the bottom box if you don't see the field.

5. Click the Filter Display list icon at the end of the field.

filter-list.png

6. Click the Watchlists tab and select your watchlist.

7. Click OK and finish.

8. You can repeat with another component and Destination IPs or use OR in your filter.

view-filter-watchlist.PNG

Re: How to create a New Dashboard in ESM

Jump to solution

Appreciate your quick response. I am stuck at filter option. Can I fulfill below conditions using filter to display resultsin single window ?

1) Display Source IP if destination matches with WL

2) Display Destination IP if Source IP matches with WL

What I need is only IPs to be displayed over there. Thanks again

McAfee Employee andy777
McAfee Employee
Report Inappropriate Content
Message 4 of 11

Re: How to create a New Dashboard in ESM

Jump to solution

Yes. This is what my second screenshot is showing you. Use the OR flags at the end of the fields.

Re: How to create a New Dashboard in ESM

Jump to solution

Hiya,

I tried that and it is giving me the list of IPs which are there in watchlist

ex: it is displaying the source IP name which matches with WL where as I need destination IP ( which is ours) in this case.

McAfee Employee andy777
McAfee Employee
Report Inappropriate Content
Message 6 of 11

Re: How to create a New Dashboard in ESM

Jump to solution

In that case, while in the View Editing mode, you can go to the top left drill down menu on the component filtering for your watchlist and drill down to Event Drilldown | Network | Destination IPs and another component will be created and bound to the first. All of the IP's will be in the list and you can select an IP from the original component to drill down to the specific Destination IP addresses. You can drill down to additional fields in the same way to build out your dashboard.

drilldown-edit.png

Re: How to create a New Dashboard in ESM

Jump to solution

It worked. Thanks a lot

Re: How to create a New Dashboard in ESM

Jump to solution

Hello Andy,

It is displaying all aggregated events in the dashboard instead of only events which has match with my WL.So, the count it is showing is wrong. Can you please help me on how to get only required events ?

Ex: It is showing event count as 50. When I drill down, there is only one event which has match with WL.

McAfee Employee andy777
McAfee Employee
Report Inappropriate Content
Message 9 of 11

Re: How to create a New Dashboard in ESM

Jump to solution

Could you post a screen cap please?

When I create a component of Source IPs and apply a watchlist filter, I only see the IP addresses on my watchlist with the correct event counts. When I drill down from one of those IP addresses, I see the Destination IP reflecting the same event counts. Thanks.

view2.PNG

Re: How to create a New Dashboard in ESM

Jump to solution

Hi Andy,

This is how my dashboard looks when I asked to display source IPs when dest ip matches with WLCapture1.PNG

When I drill down to the first row 312, it is showing me all the events as you see below ( of course one of those events is actually what I need where it matches with WL).

Capture3.PNG

Please let me know. Thanks in advance.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community