Logging, Monitoring & Intrusion Detection

FireEye Events Dashboard

by Josef Weiss
July 23, 2014

This dashboard displays a summary status of FireEye events, providing an overview of collected events using several techniques. This event data provides the analyst with many different methods to quickly respond to triggered alerts.

SSH Detection Dashboard

by Michael Willison
July 18, 2014

This dashboard provides information on SSH remote access vulnerabilities, exploits, and network traffic flow. SSH (Secure Shell) is used by *nix, Mac OS, and Windows to remotely manage other devices on the network.

Tenable Admin

by Josef Weiss
July 10, 2014

This dashboard provides an administrative overview of Tenable applications and highlights potential problems. These eight components provide indications of common problems and allow the administrator to quickly take action to resolve concerns and to minimize the potential loss of vulnerability or event data.

Event Analysis

by Josef Weiss
June 24, 2014

This dashboard contains a series of components that provide an analysis of collected events over time.

Passive Network Forensics

by David Schwalenberg
April 30, 2014

This dashboard presents information passively detected over the last 72 hours, such as summaries of domains accessed and indicators of suspicious network activity. This information can be helpful for network monitoring and forensics.

PVS Trust Relationships

by Josef Weiss
March 11, 2014

This dashboard presents trust relationships between clients and servers that have been passively gathered via PVS plugins 3 and 15. These plugins collect data on internal client trusted connections and internal server trusted connections. Results are sorted by TCP port and displayed in a series of matrix indicators within the individual components. Viewing plugin output provides insight into devices that are establishing trusted connections to each other.

Event Vulnerabilities

by Cody Dumont
February 13, 2014

This dashboard highlights the vulnerabilities discovered from the events collected from the Log Correlation Engine (LCE). Using exploitable vulnerability and vulnerability trending graphs, this dashboard helps security managers identify vulnerabilities without scanning the remote systems.

Event Vulnerability Indicators

by Cody Dumont
January 30, 2014

The dashboard contains a series of components that provide an easy way to view vulnerabilities identified by the Log Correlation Engine (LCE). By using different color schemes, the user is able to identify quickly which vulnerabilities pose more risk than others.

NERC – (CIP-002) Identification of Critical Cyber Assets

by Cody Dumont
January 2, 2014

For organizations that are required to be NERC compliant, SecurityCenter can lead the way to compliance. The first focus area is the “Identification of Critical Cyber Assets”. SecurityCenter uses Log Correlation Engine (LCE), Passive Vulnerability Scanner (PVS), and Nessus to identify assets. When using the complete Tenable family of products, an organization can easily identify all critical assets and all associated assets.

Fortinet Firewall Dashboard

by Josef Weiss
December 5, 2013

This dashboard is a series of components that provide basic analysis of FortiGate devices.

The top three components offer trending data on allowed connections, blocked connections, and sessions that have timed out. This easy-to-read graph can alert the analyst to potential connection-based anomalies.

The Data Events component displays the total number of TCP, UDP, and ICMP allowed/blocked connections over the last 24 hours.