Dashboard Overview

The NDR dashboard is a quick overview of network activity and alerts. It displays key metrics, visualizations, and summaries, allowing users to quickly monitor the network, identify potential threats, and access detailed information for further investigation. There are a total of six customizable widgets.

Widgets

Depending on your account permissions, the dashboard displays either all widgets or only a subset of them.

  1. AI Detect

  2. Data Collection

  3. World Map

  4. AI Prevent

  5. Network Assets

  6. Chain of Events

AI Detect

This widget gives an overview of all the latest notifications along with the date and time. They are categorized into four groups.

  • Only Severity (High, Medium, and Low)

  • Host with Most Notifications

  • Source Host

  • Destination Host

To use the AI Detect widget:

  1. Click a notification group in any tab to view its name and the total number of notifications. For example, a group name can look like “ARP scan detected” or “Port scan detected.”

  2. Click individual notifications to view the IP addresses for the Source host and the Target host.

  3. Click the hamburger menu and select Notification details to view its metadata.

  4. If a notification is irrelevant, click Whitelist from the hamburger menu.

Additional settings include Change Severity, Disable NDR AI Prevent, and Block.

Notification Limits in AI Detect

By default, the AI Detect widget shows a maximum of 1500 latest notifications. When you select a network group, the widget is limited to displaying 400 notifications per severity level.

If the total count across all networks selected is over 1500, then the notifications will be subsampled to fit the limit. This means that some irrelevant or old notifications will automatically be hidden or re-adjusted, leaving room for relevant and High-severity notifications.

World Map

The World Map widget is a visual representation of the relative amount of network traffic going to and from the internet and its remote servers using Geo IP information.

Click on any colored country to display a table that lists the top 20 host IP addresses that accessed domains in that region, sorted by total traffic. The traffic data is based on a sliding time window, which ranges from the last 24 hours up to the past 7 days.

Data Collection

The Data Collection widget is a timeline of incoming data volume in Mbps (Megabits per second). On the right, you can view the size of uncompressed and archived metadata. Uncompressed metadata is the original, unprocessed metadata, while archived metadata is compressed data for optimal storage. The graph indicates how far back metadata is available based on these formats.

Note: Network group or Network settings do not affect data in the Data Collection graph.

You can use the time window filter option in the top menu to go further back in time to view older data. However, this filter doesn't affect the compressed and archived metadata display.

If you select the Search Archived Events option on the Search page, the search results also include compressed metadata. However, the search may take longer due to the size of the archived data.

AI Prevent

The AI Prevent widget displays the total number of blocked devices. To view more information, click View AI Prevent Details at the bottom of the widget. This redirects you to the AI Prevent Status page, where you can view detailed information about the devices.

Note: Global Filters settings do not affect this widget.

Network Assets

The Network Assets widget gives an overview of assets detected under different conditions. Network assets are devices or endpoints, such as computers, servers, and printers, monitored by NDR.

  1. Total of tracked assets: The total number of assets being monitored within the selected network.

  2. Active Assets in the Last 24H: The total number of assets with network activity in the past 24 hours.

  3. Asset Discovered in the Last 24H: The number of assets detected for the first time in the past 24 hours.

For detailed information, click View More to navigate to the Network Assets page.

Chain of Events

The Chain of Events widget provides a quick overview of a possible attack chain. It shows the total number of detected chains across devices and the number of devices involved.

View widgets according to your Timezone

Go to the top navigation bar and click on the Timezone and Locale icon. Here, you can select and change the timezone along with other settings like Time Window. Here’s what they do.

  1. Timezone - Choose in which timezone to display timestamps.

  2. Locale - Picking a locale affects how the date and time are displayed.

  3. Time window & interval - Selecting a time window and interval different from the default will affect the information displayed.

  4. Network - Selecting a particular network will display information for only the selected network.

Customize Widgets

Resize widgets

Click the bottom-right corner of any widget and drag it downwards or sideways.

Reposition widgets

Click the title name of the widget, and once the pan tool icon appears, move it to an appropriate space.

Hide/Show widgets

Click the customization icon at the top right corner, just below the User menu. From the drop-down list of widgets, check or uncheck the boxes to hide or show them on the dashboard.

Click Reset Layout to revert to the default dashboard layout.
