Documentation forSecurity Event Manager

Available SEM widgets

The following table describes the customizable widgets that ship with the SEM Console.

Widget Description
Active Directory Group Changes by Group Displays a donut chart of group changes by group name.
Active Directory Group Changes by Type Displays a donut chart of group changes by event type.
Active Directory Group Changes by User Displays a pie chart of group changes by user source account.
Active Directory User Changes by Type Displays a donut chart of user account changes by event type.
All Events - Last 12 Hours Displays a time series view of all events occurring in the last 12 hours.
All Events - Last 24 Hours Displays a time series view of all events occurring in the last 24 hours.
All Events by Connector Name Displays a pie chart of all events by connector name using the ToolAlias log property.
All Events by Event Type Displays a donut chart of the number of all event types.
Blocked Web Traffic by Source Machine Displays a donut chart of the top sources of blocked web traffic.
Events Per Second - Last Hour Displays the total count of events per second for the past hour.
File Audit Failures by User Displays a donut chart of the file audit failure events by user.
Firewall Events by Type Displays a donut chart of the top firewall events by event type.
Grouped events by IP Displays a donut chart of group events by detection IP.
HIPAA Events by Type Displays a pie chart of top HIPAA events by event type.
Incidents by Rule Name Displays a pie chart of incidents by inference rule.
Interactive Logons by User Displays a vertical bar chart of user logons by destination account.
KPI Displays key performance indicators (KPIs) related to SEM appliance performance, including EPS and resource consumption.
Log Database Used Storage Percent Displays the logs/data used percentage (KPI widget) with an 80 percent warning threshold and a 90 percent critical threshold.
Logon Failures - Last 24 Hours Displays a time series chart of failed logons for the past 24 hours.
Logon Failures by Reason Displays a pie chart of failed logons by failure reason.
Logon Failures by Source Machine Displays a pie chart of failed logons by destination machine.
Logon Failures by User Displays a horizontal bar chart of failed logons by destination account.
Node Health Displays a table of the latest events from monitored network nodes.
PCI Events by Type Displays a donut chart of the top PCI events by event type.
Proportional Displays log data using pie, bar, and donut charts.
Rules Fired by Rule Name Displays a pie chart of rule activity by inference rule.
Scheduled query severity per tag

Displays a pie chart with the total number of severities (such as Critical, Warning, and OK) for each tag.

Scheduled query table severity per tag

Displays a table with a list of severities for each tag. The table includes the query name, severity, event count, and execution date.

Table

Displays a table with a list of selected nodes.

Time Series - Long Term

Adds key metrics related to long term SEM appliance performance, including EPS and resource consumption.

Time Series - Short Term

Adds key metrics related to short term SEM appliance performance, including EPS and resource consumption.

Threat Events by Type Displays a pie chart of threat events by event type.
Traffic by Destination Port Displays a vertical bar chart of all network traffic by destination port.
Traffic by Source Port Displays a vertical bar chart of all network traffic by source port.
User Account Changes by Destination Account Displays a horizontal bar chart of all user account changes by destination account.
User Account Changes by Source Account Displays a horizontal bar chart of all user account changes by source account.
User Logon by Source Machine Displays a donut chart of all user logons by source machine.
User Logon by User Displays a donut chart of user logons by destination account.
Virus Attacks by Machine Displays a pie chart of virus attacks by source machine.
Virus Attacks by Virus Name Displays a pie chart of virus attacks by virus name.