SecOps Dashboard

Learn how to use the Prisma Cloud SecOps Dashboard.
Dashboard > SecOps provides a graphical view of the performance of resources that are connected to the internet, the risk rating for all accounts that Prisma Cloud is monitoring, the policy violations over time, and a list of the policies that have generated the maximum number of alerts across your cloud resources. You can filter by time range, account groups, and cloud accounts to dig in and review a quick summary of your security challenges.

Monitored Accounts

This graph shows the number of accounts Prisma Cloud is monitoring.

Monitored Resources

Prisma Cloud considers any cloud entity that you work with as a resource. Examples of resources include AWS Elastic Compute Cloud, Relational Databases, AWS RedShift, Load Balancers, Security Groups, and NAT Gateways. The Resources graph shows the total number of resources that you currently manage. It gives you a view into the potential growth in the number of resources in your enterprise over a period of time. Hover over the graph to see data at different points in the timeline.

Open Alerts

Whenever a resource violates a policy, Prisma Cloud generates an alert to inform you of the policy violation. The Open Alerts graph displays the number of alerts that were opened within the selected time period and helps you visualize the trend across five equal time slices. The first point in the timeline represents all open alerts since the cloud account was onboarded or up to the preceding 3 years of the selected time range.
In each slice, the count includes alerts that are opened or have remained open through the period using the last updated status. When an alert is closed or dismissed, the last updated status is reset and this change determines whether or not the alert is counted within a time slice.

Top Instances by Role

This graph summarizes top open ports in your cloud environments and the percentage of the traffic directed at each type of port. The purpose of this graph is to show what types of applications (web server, database) the top workloads are running.

Alerts by Severity

Alerts are graphically displayed and classified based on their severity into High, Medium, and Low. By clicking on the graph, you can directly reach the alerts section.

Policy Violations by Type over Time

This graph displays the type of policy violations (network, configuration, audit event) over a period of time. The counts in this chart may not match the counts on the Alerts page you are redirected to, because this chart shows only the newly created (open) alerts in a time chunk, while after redirection you may see only those alerts that are still open and have not changed status to resolved or dismissed.

Top Policy Violations

This graph displays the alerts generated by each type of policy over a period of time.

Top Internet Connected Resources

This graph displays the top internet-connected workloads by role, so you know which workloads are connecting to the internet most of the time and are prone to malicious attacks. For this report, ELB and NAT Gateway data is filtered out, but data from other roles is included. The data in this chart is based on the account and the time filter.

Connections from the Internet

On a world map, you can see the inbound and outbound connections to different workloads across the globe, so that you can visualize where the connections originate and see whether the traffic is regular internet traffic, suspicious traffic, or accepted traffic from suspicious IP addresses.
By default, the map shows aggregated numbers by specific regions, but you can zoom in on any region and get more granular detail on the specific location.
You can use the multi-select filter option available on the map to only present information for the type of workload(s) you are interested in viewing traffic for. By default, traffic to destination resources that are allowed to accept inbound connections such as NAT Gateways, ELB, Web Servers, and HTTP traffic is filtered out.
To see the network graph representing connections, click on any of the connections from a specific region; you are redirected to the Investigate page, which shows the network graph. The network query carries forward the IP address, destination resources, and the time filters so you can pinpoint a specific incident.
