CyberCNS provides a Company-wise visual representation of the data for data sources such as Assets, Vulnerabilities, Active Directory, Azure Active Directory, Vulnerabilities, Remediation etc on the Dashboard. |
Navigate to Company View.
Select the Company from the drop-down to view the Dashboard related to that Company.
On the Company View, navigate to the Overview tab to view the Dashboard.
In the image depicted below, different options such as creating a new company, Updating a Company, Deleting a Company, downloading the agent using the Probe/Agent tab, and performing a scan by using a Start scan are available.
In case an Update option is selected, an update of the company information with details such as Name, Address, City, etc can be updated.
Fullscreen, Share, Clone, Reporting, Edit, Refresh, Show Dates, and Add Filter are the different actions available under all Dashboards.
When selecting to Share the dashboard, you will get two options, Embed code, and Permalinks. Going forward you can select relevant options.
As shown in the image below, cloning the preexisting dashboard by giving a new name for the dashboard is possible.
By using Reporting option, generate the report and download the report in PDF or PNG format.
Also, the View Reports option is available.
When the Edit option is selected, edit the dashboard with the options available as depicted in the below image are available.
With the Edit function, every widget on the dashboard can be edited.
Using the Show dates option, view the data within the selected date range.
Choose the date as per the requirement and click on Apply.
Either select the Date and Time Range using Absolute or Relative or Now.
To add a filter to the dashboard, select the Add Filter option as depicted in the below image and select the filters required and click on Save.
Users can create customer dashboards using the below process. Cloning existing dashboard to create a new custom dashboard is the practice to follow to avoid losing default dashboards as any product update will get the default dashboards back to their original state.
Dashboard Overview - Please refer to the below document on how to create custom dashboards with values.
Create a custom dashboard where we can show reports & graphs based on Tags as shown below.
First, create tags for assets. That tag will be associated with that asset. Add one or more tags for the same asset as shown below.
Click on the Overview section to see the dashboards.
Click on the 3 lines shown inside the Dashboards section. Click on Dashboard as shown below.
It will list all the dashboards. Click on Create Dashboard to create a new custom dashboard as shown below.
Now for a custom dashboard, either add an existing report/visualization or create a new report/visualization, and add an existing visualization/report or new object to this dashboard as shown below.
Now add an existing visualization from the "Add panels" Section. Here select the report "Asset Table" as shown below.
Now the visualization/report has been added to the new custom dashboard.
Here Click on the "Add filter" option as shown below to filter based on tags.
Then click on "Edit as Query DSL" as shown below.
Now it will show a filter where we have to enter the query.
Here is the query to entered.
Filter for tags as it has 2 keys: "tags.keyword" & "assetRef.tags.keyword"
The query for Tags is as below.
In the query, replace "Windows 11 Incompatible" with your own tag name. Enter the query in the filter bar and Save.
{
"query": {
"bool": {
"should": [
{
"match": {
"tags.keyword": "Windows 11 Incompatible"
}
},
{
"match": {
"assetRef.tags.keyword": "Windows 11 Incompatible"
}
}
]
}
}
}
It will filter the dashboard based on the tag given.
For example, it has filtered assets based on the "Windows 11 Incompatible" tag in the below dashboard.
Here are the dashboard values for the custom time period as shown below which shows for 1 year.
Now click on the Edit button & Save the dashboard.
A custom dashboard has been created as custom dashboard for tags.
To edit the filter, edit the dashboard and then edit the filter.
If needed there is an option to temporarily disable the filter, it can be done as shown below.
Added more reports as shown below.
Here are the added active assets metric, Latest Risk Score table & Graph of assets, Assets detailed table, Application Vulnerabilities Table, Network vulnerabilities Table & Overall Vulnerability table which pretty much cover all aspects of an asset. It can still add more reports if needed for the custom dashboard from the visualization library or custom graph.
A custom dashboard for tags is successfully created using above method.
The Overview dashboard presents various reports and trending graphs, including the Application Vulnerability Trending and Network Vulnerability Trending graphs. These graphs display the trend of vulnerabilities over a specific period. By default, they showcase the historical trend of vulnerabilities for the past 30 days. This feature is valuable for comparing vulnerabilities between previous and current time frames.
The default time period can be changed from the past last 30 days or last 90 days or the last 1 year or your custom date range from the time frame as shown below.
The data will be stored in CSV format, To download the file hover over the Graph then click on Inspect as shown below.
The report can be downloaded either as a Raw file or a Formatted file. Recommended to download the Formatted file.
Dips in Historical Trending Graphs
The dips are observed in historical trending graphs because there might be no data within the time selected (3 hours) to be seen in the graph. A graph is generated in the dashboard tool based on the data generated from the latest scan.
Dips could be due to 3 reasons:
If a scan scheduler is scheduled every day, typically at 24-hour intervals, and you examine a graph with time period gaps of every 3 hours or 12 hours, there may be no data available for those intervals. However, if scans have been conducted and you plot a graph for a 24-hour period or a single day, it will display an unbroken and continuous line graph.
If the periodic scan scheduler is removed, there are no scans & hence no data to show in the graph.
Assets might be offline. So scans might not be detected.
To observe a smooth and continuous curve, select a longer time frame such as the last 90 days, the last 1 year, or a custom time period. This will allow you to view scans per day or per week, resulting in a graph that shows a consistent and uninterrupted line.
This data will be populated in case a lightweight agent is installed on Domain Controller. This agent reads this Audit data from Events generated on DC.
In the Active Directory User Audit section of the Dashboard, under the Users section can get the stats for the Event Stats, Account-Based Event Stats, User Stats, Users Password Change Attempts, Recently Created Users, Recently Deleted Users, Recently Enabled Users, Recently Disabled Users, Locked Out & Unlocked Users Stats, Enabled And Disabled Users, Unlocked Users, Locked Out Users, and Users Added To Distribution Groups.
This section basically provides information about Active Directory in case the AD credentials are added under Probe agent discovery settings OR in case a lightweight agent is installed on Domain Controller.
In the Active Directory Computers Report section of the Dashboard, can get the data for the Enabled Computers Ratio, Computers Risk Assessment, Active Directory Computers Detailed Table, Enabled Computers details, Disabled Computers, Computers Not Logged in 30 days, Computers with password Not Required, Computers with Non-Expiring Passwords, Computers with Expired Passwords, and LockedOut Computers.
In the Active Directory, GPO’s Report section of the Dashboard can get the data for the Active Vs Inactive GPOs, Active Directory GPOs Detailed Table, Inactive GPO’s not linked with organizational units, and Active GPOs not linked with organizational units.
In the Active Directory Groups Report section of the Dashboard, can get the data for the AD Groups Empty Vs not Empty - Ratio, Active Directory Groups Detailed Table, Groups with No Members, Groups with Members, and Privileged Access Groups.
In the Active Directory Organisational Units Report section of the Dashboard can get the data for OU, OU’s Summary, Organisational Units, Users in Organisational Units, Groups in Organisational Units, Computers in Organisational Units, and GPO in Organisational Units.
In the Active Directory Users Report section of the Dashboard, can get the data for the Recent Log onDetails, Active Users Ratio, Users Risk Assessment, Active Directory Users Detailed Table, Users not logged in 30 days, Enabled Users Details, Disabled Users Details, Users with Expired Passwords, and Users with Non- Expiring Passwords.
In the Application Baseline Report section of the Dashboard, data for the Missing Mandatory Applications and Present Denied Applications are seen.
In the Application Scan Detailed Dashboard section, can get the data for the Top Assets by Application Vulnerabilities and Application Scan Detailed Table which lists Vulnerabilities and associated details.
In the Application Vulnerabilities Detailed Dashboard section, can get the data for the Critical Vulnerabilities Details By Assets, High Vulnerabilities Details By Assets, Medium Vulnerabilities Details By Assets, and Low Vulnerabilities Details By Assets which lists Vulnerabilities and associated details.
In The Asset Detailed Dashboard section, lists the data for the Asset as an Assetan Table.
In the Assets section of the Dashboard, can get the data for the Total Assets, Asset Risk Rating, Critical Risk Vulnerabilities, High-Risk Vulnerabilities, Operating System Breakdown, Breakdown By OS-Pie, Assets Table, Assets Shortage Encryption, and Newly Discovered Assets in the last 48 hours Details.
In the Azure Active Directory Role Assignments section of the Dashboard, can get the data for the Azure Active Directory Audit Logs count, Operation Type Trend, and Azure Active Directory Audit Logs Detailed Table.
In the Azure Active Directory Role Assignments section of the Dashboard, can get the data for the Azure Active Computers count and Azure Active Directory Computers Detailed Table.
In the Azure Active Directory Role Assignments section of the Dashboard, can get the data for the Azure Active Directory Groups count, Azure Groups Security Enabled Status, and Azure Active Directory Groups Detailed Table.
In the Azure Active Directory Role Assignments section of the Dashboard, can get the data for the Azure Active Directory Microsoft Secure Score Detailed Table.
In the Azure Active Directory Role Assignments section of the Dashboard, can get the data for the Azure Active Directory Licenses Plan Detailed Table.
In the Azure Active Directory Role Assignments section of the Dashboard, can get the data for the Azure Active Directory Role Assignments count and Azure Active Directory Role Assignments Detailed Table.
In the Azure Active Directory Users Report section of the Dashboard, can get the data for the Azure AD Users count, Azure AD users enabled status, and Azure Active Directory User Detailed Table.
In the Company Assessment Report section of the Dashboard, can get the data for Assets Summary, Vulnerability Summary, Active Directory Summary, Company Risk Score Grade, Latest Company Score, Company Score Calculation, Securitand y Risk Assessment under Executive Summary, Asset Summary, under Your Asset Assessment can get Operating System Breakdown, Asset By Disk Usage, Dangers of Unsupported OS, under Endpoint Assessment can get Severity Summary, Application Vulnerability Summary, Vulnerability Summary By Operating System, Scans Endpoint Summary, under Active Directory Assessment Active Users Ratio, Enabled Vs Disabled computers, Password Policy Summary, User Risk Assessment, Active Vs Inactive GPO’s, AD Groups Empty Vs Non-Empty Ratio, Active Directory Best Practices For Users, and Active Directory Best Practices For User Accounts.
In the Compliance section of the Dashboard, can get the data across different Agents for the selected company, and graphicaa l representation of PCI-DSS Compliance, PCI-DSS Compliance Status, GDPR Compliance, GDPR Compliance Status, GPG-13 Compliance, GPG-13 Compliance Status, HIPAA Compliance, HIPAA Compliance Status, CIS Compliance, CIS Compliance Status, CIS_CSC Compliance, CIS_CSC Compliance Status, NIST 800-53 Compliance, NIST 800-53 Compliance Status, TSC Compliance, and TSC Compliance Status.
Assets can be filtered based on their names as shown below.
In the CISA Vulnerabilities section of the Dashboard, the data about Top 10 Assets for CISA Active Vulnerabilities, CISA vulnerabilities by severity, CISA Active Vulnerabilities Details By Assets, Suppressed CISA Vulnerabilities Details By Assets is presented in graphical as well as tabular format.
In the Consolidated Report section of the Dashboard, can get the data for Asset Summary, Vulnerability Summary, Active Directory Summary, Latest Company Score, Company Score Calculation, Operating System Breakdown, Top 10 Assets by Vulnerabilities, Network Scan Vulnerabilities Summary, Dangers of unsupported OS, Application Remediation Plan, Software Remediation Plan, Password Policy Summary, Active Directory Best Practices for Users Markdown, and Active Directory Best Practices for User Accounts.
In the Critical Vulnerabilities Detailed Dashboard section, can get the data for the Critical Vulnerabilities detailed report.
In the Executive Summary Dashboard section, can get the data for Total Assets, Critical Assets, High-Risk Assets, Max Vulnerability Score, Avg Vulnerability Score, Min Vulnerability Score, Attention Required Assets, Top 10 Assets by Vulnerabilities, Critical Risk Vulnerabilities, Top assets with high vulnerability risks, High-Risk Vulnerabilities, Medium Risk Vulnerabilities, Low-Risk Vulnerabilities, Newly Discovered Assets in last 48 hours, and Newly Discovered Assets in last 48 hours Details.
In the Executive Summary Report Dashboard section, can get the data for Assets Summary, Vulnerability Summary, Active Directory Summary, Risk Score, Risk Score Critieria, Security Risk Assessment, and Asset Summary → Your Asset Assessment can get Asset By Disk Usage, Operating System Breakdown, Manufacturer Asset Count, Dangers of Unsupported OS, under Endpoint Assessment can get Severity Summary, Application Vulnerability Summary, Vulnerability Summary By Operating System, Top 10 Assets by Vulnerabilities, Severity by Asset, Scans Endpoint Summary, under Active Directory Enabled Vs Disabled Users, Enabled Vs Disabled computers, Active Vs Inactive GPO’s, AD Groups Empty Vs not Empty - Ratio, Password Policy Summary, Active Directory Best Practices for Users Markdown, and Active Directory Best Practices For User Accounts.
In the Executive Summary Dashboard section, can get the data for the External Scan Summary.
In the Insecure Listening Ports Summary Dashboard section can get the data for Insecure Listening Ports.
In the Installed Programs Dashboard section can get the data for Installed Software across assets for selected company.
In the Internal Basic Scan Dashboard section, can get the data for Application Scan Assessment.
In the Jobs Dashboard section here we will get Azure_Active_Directory_Jobs, Patch_Jobs, Report_Jobs, and Scan_Jobs which can get the data related to Jobs.
In the Log4j Vulnerability Dashboard section, can get the data for Log4j Vulnerability Analysis.
In the Manufacturer by Assets Dashboard section, can get the data for Manufacturer by Assets.
In the Microsoft Support Diagnostic Tool Vulnerability Dashboard section, can get the data for MSDT Status and Microsoft Support Diagnostic Tool Vulnerability.
In the Network Scan Vulnerability Report Dashboard section, can get the data for Network Scan Open Ports.
In the Network Vulnerabilities Detailed Dashboard section, can get the data for Top 10 Assets by Network Vulnerabilities, Network Scan Vulnerabilities Detailed Table, and Network Scan Informational Table.
In the OS by Assets Dashboard section can get the data for OS by Assets.
In the Overview Dashboard section, can get the data for Openssl Critical Vulnerability (CVE-2022-3602 and CVE-2022-3786).
In the Overview Dashboard section you can get the data for Top 10 Assets by Vulnerabilities, Vulnerabilities by Assets, Application Vulnerabilities Summary, Network Scan Vulnerabilities Summary, Assets based on Operating System, LightWeight Agent Info, Newly Discovered Assets in last 48 hours, Newly Discovered Assets in last 48 hours Details.
In the PII Scan Report Dashboard, sectionthe can get the data for PII Scan Results and Non-PII Scan Assets.
In the Password Policy Summary Dashboard section, can get the data for the Password Policy Summary with Password Policy.
In the Port Level Vulnerability Report Dashboard section, can get the data for Vulnerability Title Summary, HTTP Missing Security Headers, SMB Vulnerabilities, SSL Certificate Info, and SSL/TLS Vulnerabilities.
In the Remediation Plan Summary Dashboard section, data for Remediations open, Remediations closed, Remediation open detailed table, and Remediation closures detailed table is captured.
In the Risk Score Card Dashboard section, can get the data for Risk Score, Risk Score Grade, and Risk Score Criteria.
In the Security Report Card Dashboard section, can get the data for Security Report Card and Security Scoring Criteria: Anti-virus / Anti-spyware, Local Firewall, Insecure Listening Ports, Network and Vulnerabilities.
In the Vulnerability Summary Dashboard section can get the data for Application Vulnerabilities by Assets, Vulnerabilities by Operating System, Top 10 Asset Vulnerabilities Critical, Top 10 Asset Vulnerabilities High, Top 10 Asset Vulnerabilities Medium, Top 10 Asset Vulnerabilities Low under Asset Wise Vulnerability Summary, Application Vulnerabilities Summary, Network Scan Vulnerabilities Summary and Suppressed Vulnerabilities Summary.
This section is a mix of graphical and numerical representation consisting of Critical Risk Vulnerabilities, High-Risk Vulnerabilities, Medium Risk Vulnerabilities, Low-Risk Vulnerabilities, Top assets with high vulnerability risks, and Severity by Asset.
CyberCNS also provides a Global level dashboard i.e. across all companies.
Navigate to Global View> Overview.
Asset By Company dashboard will have data about Total companies, Total Active Assets, Total Assessments, Asset Summary-Global, Company Summary-Global, Assessment Summary-Global, Asset Table-Global & Newly Discovered Assets by Companies in the last 48 hours Details.
In the CISA Vulnerabilities section of the Dashboard, can get the data for the Top 10 Assets by CISA Active Vulnerabilities, CISA Active Vulnerabilities Details By Companies, and Suppressed CISA Vulnerabilities Details By Companies.
External Scan by Company dashboard will have data about External Scan Global Summary.
This section has Log4j Vulnerability Analysis by Company dashboards.
The Log4j Vulnerability Analysis dashboard will data showcasing log4j information per company.
Network Scan Findings by Company dashboard will have data about Network Scan Findings by Company.
OpenSSL Critical Vulnerability by Company dashboard will have data about Openssl Critical Vulnerability #global (CVE-2022-3602 and CVE-2022-3786).
Overall Asset Vulnerability by Company dashboard will have data about Overall Asset Vulnerability Summary.
Overall Network Scan Findings by Company dashboard will have data about Overall Network Scan Findings Summary.
Overall Vulnerability by Company dashboard will have data about Overall Vulnerability Summary.
Patching by the Company dashboard will have data about Patching by Companies. Under this section Most Successful Patched Applications across Companies, Least Successful Patched Applications across Companies, Least Successful Patched Applications across Companies, Missed Scheduled Patches by CompanyAutomatic Patching in this Auto pending patches by Companies, Auto completed patches by Companies in this Manual pending patches by Companies, Manual completed patches by Companies data will be presented.
Remediation Summary by Company dashboard will have data about Open Remediations by the Company, Software Remediations Open by Company, Closed Remediations by the Company, and Software Remediation Closures by the Company.
The riskRisk Score Card by Company dashboard will have data about Risk score scores by Company and Risk Score Criteria.
Q: Why are Peaks and Troughs in historical trending graphs seen? How do we verify it?
Ans: Because there might be no data within the time selected (3 hours) to be seen in the trending graphs.
Graph is generated in the dashboard tool from data generated from the scan.
It could be due to 3 reasons:
If the scan scheduler is set to run every 24 hours, viewing graphs for intervals of 3 hours or 12 hours may result in no data being available. If there are scans and you have taken a graph for 24 hours (or 1 day), then it shows an unbroken continuous line graph.
The periodic scan scheduler might have been removed, leading to the absence of scans and, consequently, no data available to display in the graph.
Assets might be offline. So scans might not be detected.
To see a proper graph in a continuous way, kindly select a period of the last 90 days or the last 1 year in the dashboards as shown below:
As shown in the graphs from one of our portals, there is a clear unbroken line of data for both the last 90 days and the last 1 year.
For past 90 days:
For past 1 year:
The time period of the dashboards can be adjusted by clicking on the Time Frame Calendar icon and selecting your desired timeframe period.
This completes the documentation for Dashboard.