Learn how to use the Prisma Cloud SecOps Dashboard.
The Dashboard > SecOps page provides a graphical
view of the performance of assets that are connected to the Internet,
the alerts by policy type over time, the alerts by severity, and
the policy violations over time. You can filter by time range, account
groups, and cloud accounts to dig further and see a quick summary
of your security challenges.
Top Assets by Role
This graph summarizes top open ports in your cloud environments
and the percentage of the traffic directed at each type of port.
The purpose of this graph is to show what types of applications
(web server, database) the top workloads are running.
Alerts by Severity
Alerts are graphically displayed and classified based
on their severity into High, Medium, and Low. By clicking on the
graph, you can directly reach the alerts section.
Alerts by Policy Type over Time
This graph displays the type of policy violations (network,
configuration, audit event) over a period of time. When you are redirected
to the alerts page, the counts may not match, because this chart shows only
the newly created (open) alerts in a time chunk, while after redirection
you see only those alerts that haven't changed status to resolved/dismissed
and are still open.
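The mismatch described above can be reproduced with a few lines of counting logic. This is an added illustration, not Prisma Cloud code or its API: the alert records, field names, policy type labels, and the five one-day chunks are constructed assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed sample alerts (not real Prisma Cloud data).
ALERTS = [
    {"id": "A-1", "policy_type": "network", "created": datetime(2024, 1, 1, 9), "status": "open"},
    {"id": "A-2", "policy_type": "network", "created": datetime(2024, 1, 1, 15), "status": "resolved"},
    {"id": "A-3", "policy_type": "config", "created": datetime(2024, 1, 2, 10), "status": "dismissed"},
    {"id": "A-4", "policy_type": "config", "created": datetime(2024, 1, 2, 11), "status": "open"},
    {"id": "A-5", "policy_type": "audit_event", "created": datetime(2024, 1, 4, 8), "status": "open"},
    {"id": "A-6", "policy_type": "network", "created": datetime(2024, 1, 5, 23), "status": "resolved"},
]
START, END = datetime(2024, 1, 1), datetime(2024, 1, 6)  # assumed time range


def counts_by_chunk(alerts, start, end, chunks, only_open=False):
    """Count alerts per policy type in each equal time chunk, keyed by creation time.

    only_open=False models the chart: every alert created in the chunk.
    only_open=True models the redirected view: only alerts still open now.
    """
    width = (end - start) / chunks
    result = [Counter() for _ in range(chunks)]
    for alert in alerts:
        if not (start <= alert["created"] < end):
            continue
        if only_open and alert["status"] != "open":
            continue
        index = min(int((alert["created"] - start) / width), chunks - 1)
        result[index][alert["policy_type"]] += 1
    return result


def mismatches(alerts, start, end, chunks):
    """Return (chunk, policy_type, charted, still_open) wherever the two views differ."""
    chart = counts_by_chunk(alerts, start, end, chunks)
    page = counts_by_chunk(alerts, start, end, chunks, only_open=True)
    return [
        (i, ptype, n, page[i][ptype])
        for i, counter in enumerate(chart)
        for ptype, n in sorted(counter.items())
        if n != page[i][ptype]
    ]


if __name__ == "__main__":
    for chunk, ptype, charted, still_open in mismatches(ALERTS, START, END, 5):
        print(f"chunk {chunk} {ptype}: chart={charted} alerts page={still_open}")
```

Every reported difference corresponds to alerts that were created in the chunk and later resolved or dismissed, which is the expected gap rather than missing data.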
Top Alerts
This graph displays the alerts generated by each type
of policy over a period of time.
Monitored Assets
Prisma Cloud considers any cloud entity that you work
with as an asset. Examples of assets include AWS Elastic Compute
Cloud, Relational Databases, AWS RedShift, Load Balancers, Security
Groups, and NAT Gateways. The Assets graph shows the total number of
assets that you currently manage. It gives you a view into the potential
growth in the number of assets in your enterprise over a period
of time. Hover over the graph to see data at different points in
the timeline.
Monitored Accounts
This graph shows the number of accounts Prisma Cloud
is monitoring.
Open Alerts
Whenever a resource violates a policy, Prisma Cloud
generates an alert to inform you of the policy violation. The Open
Alerts graph displays the number of alerts that were opened within
the selected time period and helps you visualize the trend across
five equal time slices. The first point in the timeline represents
all open alerts since the cloud account was onboarded or up to the
preceding 3 years of the selected time range.
In each slice, the count includes alerts that are opened or have
remained open through the period using the last updated status.
When an alert is closed or dismissed, the last updated status is
reset and this change determines whether or not the alert is counted
within a time slice.
Top Internet Connected Assets
This graph displays top Internet connected assets by
traffic type, so you know which workloads are connecting to the
Internet most of the time and are prone to malicious attacks. This
report filters out ELB and NAT Gateway data but includes
data from other assets.
Connections from the Internet
On a world map, you can see the inbound and outbound
connections to different workloads across the globe, so that you can
visualize where the connections are originating from and see whether
the traffic is regular internet traffic, suspicious traffic, or
accepted traffic from suspicious IP addresses.
By default, the map shows aggregated numbers by specific regions,
but you can zoom in on any of the regions in the map
to get more granular detail on the specific location.
You can use the multi-select filter option available on the map
to only present information for the type of workload(s) you are
interested in viewing traffic for. By default, traffic to destination
resources that are allowed to accept inbound connections such as
NAT Gateways, ELB, Web Servers, and HTTP traffic is filtered out.
To see the network graph representing connections, click on any
of the connections from a specific region. You are redirected to
the Investigate page, which shows the network graph. The network query
carries forward the IP address, destination resources, and time filters
so you can pinpoint a specific incident.