cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

How to create a New Dashboard in ESM

Jump to solution

Hello All,

I have added one static Watch List recently to our ESM. I would like to set up a dashboard for that to see if any events are received which has IP from that watch list. Can anybody help me on how to create a new dashboard please ? Thanks in advance.

1 Solution

Accepted Solutions
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 11

Re: How to create a New Dashboard in ESM

Jump to solution

In that case, while in the View Editing mode, you can go to the top left drill down menu on the component filtering for your watchlist and drill down to Event Drilldown | Network | Destination IPs and another component will be created and bound to the first. All of the IP's will be in the list and you can select an IP from the original component to drill down to the specific Destination IP addresses. You can drill down to additional fields in the same way to build out your dashboard.

drilldown-edit.png

View solution in original post

10 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 11

Re: How to create a New Dashboard in ESM

Jump to solution

Please check out this awesome video by Kara for a training session on views.

To your specific question though:

1. Create a new view or edit an existing one.

2. Drag out the component you would like to display the data (bar/pie/table).

3. Select Source IPs, click Next.

4. Click Filters. Type Source IP into the bottom box if you don't see the field.

5. Click the Filter Display list icon at the end of the field.

filter-list.png

6. Click the Watchlists tab and select your watchlist.

7. Click OK and finish.

8. You can repeat with another component and Destination IPs or use OR in your filter.

view-filter-watchlist.PNG

Highlighted

Re: How to create a New Dashboard in ESM

Jump to solution

Appreciate your quick response. I am stuck at filter option. Can I fulfill below conditions using filter to display resultsin single window ?

1) Display Source IP if destination matches with WL

2) Display Destination IP if Source IP matches with WL

What I need is only IPs to be displayed over there. Thanks again

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 11

Re: How to create a New Dashboard in ESM

Jump to solution

Yes. This is what my second screenshot is showing you. Use the OR flags at the end of the fields.

Highlighted

Re: How to create a New Dashboard in ESM

Jump to solution

Hiya,

I tried that and it is giving me the list of IPs which are there in watchlist

ex: it is displaying the source IP name which matches with WL where as I need destination IP ( which is ours) in this case.

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 11

Re: How to create a New Dashboard in ESM

Jump to solution

In that case, while in the View Editing mode, you can go to the top left drill down menu on the component filtering for your watchlist and drill down to Event Drilldown | Network | Destination IPs and another component will be created and bound to the first. All of the IP's will be in the list and you can select an IP from the original component to drill down to the specific Destination IP addresses. You can drill down to additional fields in the same way to build out your dashboard.

drilldown-edit.png

View solution in original post

Highlighted

Re: How to create a New Dashboard in ESM

Jump to solution

It worked. Thanks a lot

Highlighted

Re: How to create a New Dashboard in ESM

Jump to solution

Hello Andy,

It is displaying all aggregated events in the dashboard instead of only events which has match with my WL.So, the count it is showing is wrong. Can you please help me on how to get only required events ?

Ex: It is showing event count as 50. When I drill down, there is only one event which has match with WL.

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 9 of 11

Re: How to create a New Dashboard in ESM

Jump to solution

Could you post a screen cap please?

When I create a component of Source IPs and apply a watchlist filter, I only see the IP addresses on my watchlist with the correct event counts. When I drill down from one of those IP addresses, I see the Destination IP reflecting the same event counts. Thanks.

view2.PNG

Highlighted

Re: How to create a New Dashboard in ESM

Jump to solution

Hi Andy,

This is how my dashboard looks when I asked to display source IPs when dest ip matches with WLCapture1.PNG

When I drill down to the first row 312, it is showing me all the events as you see below ( of course one of those events is actually what I need where it matches with WL).

Capture3.PNG

Please let me know. Thanks in advance.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community