2.5.1 Creating and editing Dashboards
Hello. In this video you will learn how to customize existing dashboards and visualizations or create new ones in ACDI.
Let's customize one of the existing dashboards, for instance, the NetIQ Audit Dashboard.
Here you can see the visualizations placed on the canvas, and at the bottom there is a search.
Let’s enable editing and then click on the gear symbol in the top right corner of each visualization you want to customize.
Let’s assume you want to see only user changes in this visualization. Click “Edit visualization.” Now you are in the visualization editor.
On your right side you see the settings for this visualization that can be changed—buckets, metrics, and other settings.
More information about changes, visualizations, and search settings can be found on OpenSearch, on the “Documentation” page. Back to ACDI.
For example, you want to add an additional filter to see the changes for only the object class “User.”
Please remember that the search is strictly case sensitive. You can use “object class.keyword” or search by an object class attribute.
Here you need to select “Operator.”
In this case, the object class is “User.” Let’s save the settings.
In front of you now is the live chart displaying changes for a user. There are also “Event: True” and “connected system.” What is “Event: True?”
Each event that comes to ACDI is processed either by the ACDI driver if it's eDirectory or by the ACDI Event Service if it’s Active Directory. So, when ACDI receives an event, for instance “Add,” you can see that one event contains multiple attributes inside it.
When a user is created, you’ll need to define the given name, CN, and surname, as they are mandatory. However, you are also able to add additional information about this user.
That's why, in an event that has “Event: true,” the main object of the event contains the event doc (an XML which contains full information about the event).
You get one object with “Event: true” and as many objects with “Event: false” as there are attributes in the event.
To perform event calculations, you need to use the filter “Event: true.” However, if you need to get the name of an attribute and its values, “Event: false” must be used.
The filter “Connected system: Audit” — what does this mean?
For eDirectory, ACDI provides two types of monitoring packages. First and foremost is the ACDI Driver. It gives you information about changes of objects in eDirectory according to the filter you have set up in the driver. The second option is the third-party driver monitors.
When you configure a driver monitor, you must define a unique name for the connected system that you will later use to create visualizations and reports for those monitors. By default there are dashboards for the main driver, which are NetIQ, NetIQ Audit Dashboard, and also a dashboard for driver monitors.
Here you see that in the NetIQ Driver Dashboard there is data with the connected systems “Active Directory1” and “HR.”
This is the data received from the monitor packages in Active Directory and the loopback driver named “HR.” Let's go back to customizations and repeat the settings actions done previously.
OK, you want to use the customized visualization in your new dashboard. Click “Save as.”
Use the switcher to enable “Save as new visualization” and customize its name.
There is no need to add this visualization to the default dashboard, so here you need to disable the feature. Save the settings. Now you are all set to create a new dashboard.
To create a new dashboard, you must go to “Manage” in the menu bar on your left and choose “Create Dashboard.”
You already have one visualization, “Audit Events custom,” which you have just updated, and you can add it to this new dashboard’s canvas.
There are also a few more visualizations, and you may want to add them to the dashboard as well. Click on each of them and you see that they are being added to the canvas.
You may also want to add some other visualizations such as data tables. If you are OK with the margins, you can leave them as they are or disable them.
It’s also possible to move visualizations and search blocks all around the canvas and change their appearance.
You can edit visualizations and searches if need be and, hence, get the data presentation desired.
Let's now save the dashboard. Here is the option to store the time you’ve selected in the dashboard.
Let's update it for “Last 24 hours.” Okay, now it looks much better. Click “Save.” Give your dashboard a name and save the settings.
After refreshing the page, you can see your dashboard has appeared in the list of ACDI dashboards.
If you want to add it to the submenu, you need to go to “Administration,” then to “Audit Server.” Here you need to choose “Dashboards Menu.”
Now you can copy a dashboard or add a new one.
Let’s use “Custom” as a tag – “Custom Dashboards.” Click “Save.” Refresh the page and you can now see the submenu has appeared in the main menu on your left.
To finish placing your custom dashboard in the submenu, you need to edit it in the Editor mode. You can change the Display Name, Description, and also define an icon. The icon is a base64-encoded image with a resolution of 117 by 117. It is possible to select a color using the color picker, for example, green. Additionally, you need to add some tags.
All dashboards that have the tag “Custom” will be placed into the “Custom Dashboards” submenu. Here you enter “Custom,” press “Enter” on your keyboard, add other tags if you need, and click “Save.” After you refresh the page, you will see your dashboard. Here it is.
You can create new visualizations by clicking “Create new.”
Here is the list of available visualizations.
You will find more information about all these visualizations and how to use them on OpenSearch, on the “Documentation” page.
Let's select a visualization and choose a source. The source is either a search or an index pattern. All data from events is stored in indices. Index patterns starting with “audit default” are from eDirectory and those starting with “audit ad” are from Active Directory. If you decide to configure more than one connection, the name of the connection will include the word “audit.”
When trying to save the changes, you can see that the time settings are set to “last 15 minutes.”
Let’s change it back to “Last 24 hours.” Now the dashboard is up to date.
So, this is how you can create and edit dashboards in ACDI. We hope this video was helpful. Thank you for your attention and take care.
Should you have any questions or require any assistance, please do not hesitate to contact us at any time at swsupport.skypro@skypro.ch.