MOREAL dashboards provide an overall view of the “health” and activity in a monitored network. The displayed widgets have been carefully selected to cover the most important events occurring in a network including threat events and application-level events. The dashboards may be the starting point for an analyst before drilling down to more specific areas of the network, such as focusing in a specific workstation, or reviewing published alerts.

Customized dashboards are available for every hierarchical level in a network (organization, branch and device-levels) as well as for Managed Security Service Providers (MSSPs – customers having an overview of more than one organization).

Dashboard widgets

The Dashboards are constructed by selected blocks of information named widgets.

• Sparkline widgets : The sparkline graphs are constructed by discrete values in the selected time context (last 24 hours, last 7 days, last 30 days). Along the main curves, a secondary “faint” line shows the trend (a moving average) of the given metric. A colored dot appears on the accented line every time there is a change bigger than 25% compared to the previous value. The current value and the proportional difference of the current from the last value (e.g. “+25%” means that this metric increased by 25%) are displayed next to the title of each widget.
• Top-N Lists : These lists show the top attributes or entities by a given metric. For example, the top network ports appearing in threat events along with the number of events per each port.

For more information, regarding the meaning of metrics displayed in the listed widgets please consult the “MOREAL Metrics” article.

The following pages describe each dashboard level and how to interpret the displayed widgets.

• Managed Security Service Providers (MSSPs) Dashboard
• Organization-level Dashboard
• Branch-level Dashboard
• Device-level Dashboard