SecOps Dashboard

Learn how to use the Prisma Cloud SecOps Dashboard.
The Dashboard > SecOps page provides a graphical view of the performance of assets that are connected to the Internet, the alerts by policy type over time, the alerts by severity, and the policy violations over time. You can filter by time range, account groups, and cloud accounts to dig further and see a quick summary of your security challenges.

Top Assets by Role

This graph summarizes top open ports in your cloud environments and the percentage of the traffic directed at each type of port. The purpose of this graph is to show what types of applications (web server, database) the top workloads are running.

Alerts by Severity

Alerts are graphically displayed and classified based on their severity into High, Medium, and Low. By clicking on the graph, you can directly reach the alerts section.

Alerts by Policy Type over Time

This graph displays the type of policy violations—network, configuration, audit event—over a period of time. The counts on this chart may not match what you see after being redirected to the Alerts page: the chart shows only the newly created (open) alerts in each time chunk, whereas after redirection you may see only those alerts that are still open and have not changed status to resolved or dismissed.

Top Alerts

This graph displays the alerts generated by each type of policy over a period of time.

Monitored Assets

Prisma Cloud considers any cloud entity that you work with as an asset. Examples of assets include AWS Elastic Compute Cloud, Relational Databases, AWS RedShift, Load Balancers, Security Groups, and NAT Gateways. The Assets graph shows the total number of assets that you currently manage. It gives you a view into the potential growth in the number of assets in your enterprise over a period of time. Hover over the graph to see data at different points in the timeline.

Monitored Accounts

This graph shows the number of accounts Prisma Cloud is monitoring.

Open Alerts

Whenever a resource violates a policy, Prisma Cloud generates an alert to inform you of the policy violation. The Open Alerts graph displays the number of alerts that were opened within the selected time period and helps you visualize the trend across five equal time slices. The first point in the timeline represents all open alerts since the cloud account was onboarded or up to the preceding 3 years of the selected time range.
In each slice, the count includes alerts that are opened or have remained open through the period using the last updated status. When an alert is closed or dismissed, the last updated status is reset and this change determines whether or not the alert is counted within a time slice.

Top Internet Connected Assets

This graph displays the top Internet-connected assets by traffic type, so you know which workloads are connecting to the Internet most of the time and are prone to malicious attacks. For this report, ELB and NAT Gateway data are filtered out, but data from other assets is included.

Connections from the Internet

On a world map, you can see the inbound and outbound connections to different workloads across the globe, so that you can visualize where the connections are originating from and see whether the traffic is regular internet traffic, suspicious traffic, or all accepted traffic from suspicious IP addresses.
By default, the map shows aggregated numbers by specific regions, but you can zoom in on any of the regions in the map to get more granular detail on the specific location.
You can use the multi-select filter option available on the map to present information only for the type of workload(s) you are interested in viewing traffic for. By default, traffic to destination resources that are allowed to accept inbound connections, such as NAT Gateways, ELB, Web Servers, and HTTP traffic, is filtered out.
To see the network graph representing connections, click on any of the connections from a specific region and get redirected to the Investigate page. The network query carries forward the IP address, destination resources, and time filters so you can pinpoint a specific incident.
