We use IBM QRadar as our SIEM, and one of the features we need is the ability to create interactive dashboards. As an example, in Splunk I have a single "User Activity" dashboard. At the top there are two free-form fields where I can enter, say, a userID or userName, then a second field that allows me to select a date or date range, then click Search. In the lower section I have a table widget that shows me a listing of proxy activity (for that user/time frame), another table widget showing Active Directory logs, a time chart showing badge/door entry logs, a GeoMap of user access logs (in cases of VPN or external site access), a simple bar chart showing the most frequently accessed internal IP addresses, and another table widget showing basic information about the user.
Why is it useful?
Who would benefit from this idea?
Anyone hoping to use the QRadar tool as a primary means of correlating log data into a single pane of glass.
How should it work?
Ideally there would be a top section with configurable time frames and other parameters (manual entry, lookup lists, dropdowns, multiple choice, whatever), and the embedded charts would search the data and update dynamically based on what the user selects.
Priority Justification
This is important to us as we transition from Splunk to QRadar. We are accustomed to having these capabilities, and it is limiting the value we can obtain by aggregating all of our important logs into the QRadar platform.
Customer Name
Eric Randall (Ascena Retail Group)