About SEM widgets in the legacy Flare console
This section provides general information about widgets in the legacy Flare console.
Widgets present important high-level information in an easy-to-read graphical format, such as a chart or a graph. They provide special dashboard functionality, such as displaying real-time information about network activity, or providing tools for investigating events and related details.
SEM provides a library of widgets, and you can create your own using filters you have customized to monitor specific activity. If your widget includes charts, you can click a specific line, bar, or pie wedge to open the source filter. The corresponding filter opens the Monitor view, and displays the targeted filter information. The filter lists only the events that correspond with the selected chart item.
See Open a filter from a widget for information about using widget filters.
On the SEM Console, widgets are primarily displayed in OpsCenter View. You can add and arrange widgets on this page as needed to help troubleshoot network issues and recognize potential problems before they occur. Widgets also appear in Monitor view and Explore > nDepth view.
- In Monitor view, widgets allow you to view graphical views of your filters along with their grid-based views. See for more information.
- In nDepth view, each widget represents a high-level graphical view of the specific network activity associated with your nDepth search results. See Using nDepth widgets in SEM for details.
You can edit or remove existing widgets, or rearrange widgets to meet your personal preferences. Widgets can be resized, but sizes and aspect ratios are enforced to keep the Ops Center tidy and organized.
To get started with widgets, click a widget and review its ToolTips for more information, or use the control options on the toolbar to change the widget setting display format.
The following table describes the function of each button on a widget toolbar.
Opens the widget in the Widget Builder to edit the settings.
Rotates the widget interface to display the presentation format settings.
Refreshes the widget data.
Maximizes the widget to full-screen mode.
Deletes the widget from the dashboard (in normal dashboard mode)
When you edit a rotated (or flipped) widget, it closes the widget edit mode and returns it to the normal desktop view.
Opens the widget legend.
View specific widget data
Widget graphs and charts display basic high-level information. Each widget includes tooltips that provide specific data about each bar, line, or wedge in the chart. This information is typically the reported event, event group, or event field and its corresponding occurrences.
To view specific chart data, mouse over a bar, line, or pie slice and the tooltip appears, providing specific data about your targeted item.
Refresh widget data
On the widget toolbar, click refresh to display the latest data from your network. Widgets automatically refresh according to the refresh rate configured in the widget. If a widget has a slow refresh rate (as indicated at the bottom of the widget), you can click refresh or edit the Refresh setting in the widget. Refreshing a widget displays the most current real-time data from your network traffic.
View a widget legend
Each widget bar chart, graph, and pie chart includes a legend that defines the items in the illustration. Click to view the legend.
Widgets that ship with the SEM console
The following table describes the widgets that ship with the SEM console.
Displays all events from all filters.
|Events by Event Type||Displays a count of the top 10 events by event type (event name).|
|Events by Connector Name||Displays the number of events captured by each configured connector, over time.|
|Events per Minute||Displays the total count of events per minute for the last 15 minutes.|
|Change Management||Displays events related to changes occurring on the network.|
|Change Management Events by Agent||Displays the top 10 Agents generating change management events|
|Change Management Events by Type||Displays the top 10 change management events by event type.|
|Failed Logons||Displays all user account failed logon attempts.|
|Failed Logons by User Account||Displays the top five failed logons by user account name.|
|File Audit Failures||Displays
|File Audit Failures by File Name||Displays the top 10 file names generating file audit failures.|
|File Audit Failures by Source Account||Displays the top 10 source accounts generating file audit failures.|
|Firewall||Displays all events from firewall devices.|
|Firewall Events by Firewall||Displays the top five firewalls generating firewall events|
|Firewall Events by Type||Displays the top five firewall events by event type.|
|Incidents||Displays all Incident events.|
|Incidents by Rule Name||Displays the top five incidents by the name of the rule that generated the Incident.|
|Interactive Logons by User Account||Displays the top 10 user logons by user account name.|
|My Rules Fired by Rule Name||Displays the top five subscribed events by the name of the rule that generated them.|
|Network Events||Displays all Network events.|
|Network Events by Source Machine||Displays the top 10 machines generating network events.|
|Network Event Trends||Displays the top 10 network-related events by event type.|
|Rule Activity||Shows all the rules that have fired.|
|Rules Fired by Rule Name||Displays the top five rules fired by rule name.|
|Security Processes||Displays process launches and exits from processes in the "Security Processes" User-Defined Group, which is used to monitor critical security-related processes.|
|Security Processes by Agent||Displays the top 10 Agents generating security process events.|
|Subscriptions||Displays events created by rules you are "Subscribed" to in the Rules area.|
|SEM Events||Displays all Internal events (events generated during operation of the SEM).|
|Unusual Network Traffic||Displays events that indicate unusual or suspicious network traffic.|
|Unusual Network Traffic by Destination||Displays the top five destinations for unusual network traffic.|
|Unusual Network Traffic by Source||Displays the top 10 sources of unusual network traffic.|
|USD Defender||Displays all USB-Defender events.|
|USB-Defender Activity by Detection IP||Displays the top 5 Agents with the most USB-Defender events.|
|USB File Auditing||Displays USB-Defender's File Auditing events.|
|USB File Auditing by Detection IP||Displays the top five Agents with the most USB file auditing events.|
|User Logons||Displays all user account logons|
|User Logons by Agent||Displays the top five Agents reporting user logons.|
|User Logons by Source Machine||Displays the top five user logons by source machine.|
|User Logons by User Account||Displays the top 10 user logons by user account name.|
|User Logons (Interactive)||Displays interactive user account logons.|
|Virus Attacks||Displays all virus attack events.|
|Virus Attacks by Source Machine||Displays the top 5 sources of virus attacks or infections.|