Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Dashboard Overview

    The Junos Space Security Director dashboard provides a unified overview of the system and network status retrieved from SRX Series devices. You can drag widgets from the carousel at the top of the page to your workspace, where you can configure them to meet your needs. When you install Security Director with Junos Space Log Director, the new Log Director dashboard is displayed.

    To display the dashboard, select Security Director > Dashboard. The carousel displays all the widget thumbnails by default. You can customize your dashboard as per your needs. For example, you can configure a widget to display a graph with the top 10 applications with the most sessions in the last hour.

    Click the refresh icon to update the dashboard or an individual widget. To change the automatic refresh interval, select an interval from the drop-down list, which ranges from 5 minutes up to 7 days. To add a widget to the Dashboard, drag the widgets from the palette or thumbnail container into the workspace. To delete a widget, click X icon in the title bar.

    In addition, you can use the dashboard to:

    • Navigate to the Devices page from the devices widgets by clicking the More Details link.
    • Navigate to the Alarms page from devices most alarms widgets by clicking the More Details link.
    • Navigate to the Events and Logs page from an event-based widget.

    The dashboard page automatically adjusts the placement of the widgets to dynamically fit on the browser window without changing the order of the widgets. You can manually reorder the widgets using the drag and drop option. The widget can be reordered or moved by holding the top header section of the widget.

    Note: If you are using Policy Enforcer and Sky ATP with Security Director, additional widgets are added to the dashboard. See Policy Enforcer Dashboard Widgets for those widget descriptions.

    Starting in Junos Space Security Director Release 17.1, Application Top Application by Volume, IP Top Source IPs by Volume, IP Top Spams By Source IPs, Web Filtering Top Blocked Websites, Virus Top Blocked, and IP Top Source IPs by Sessions widgets are added.

    Table 1: Widgets

    Widget

    Description

    Devices Count By Platform

    Displays device count grouped by platform.

    Devices Count By OS

    Displays device count grouped by operating system.

    Device Count By Status

    Displays device count grouped by the system status (Up/down).

    Firewall Top Denies

    Displays top requests denied by the firewall based on their source IP addresses, sorted by count.

    Firewall Top Events

    Displays top firewall events of the network traffic, sorted by count.

    IPS Top Events

    Displays top IPS events of the network traffic, sorted by count.

    Applications most sessions

    Displays the applications with the most sessions.

    IP Top Destinations

    Displays top destination IP addresses of the network traffic, sorted by count.

    IP Top Sources

    Displays top source IP addresses of the network traffic, sorted by count.

    Devices Most CPU Usage

    Displays devices with maximum CPU utilization, sorted by count.

    Devices Most Memory Usage

    Displays devices with maximum memory utilization, sorted by count.

    Devices Most Storage

    Displays devices with most storage usage, sorted by count.

    Firewall Policy Rules with No Hits

    Displays firewall policies with the most rules not hit, sorted by count.

    Devices Most Bandwidth by Bytes

    Displays devices consuming maximum bandwidth in bytes.

    Zones Most Bandwidth by Bytes

    Displays zones with maximum throughput rate in bytes, sorted by incoming and outgoing bytes.

    Devices Most Dropped Packets

    Displays firewall devices with maximum number of packet drops, sorted by count.

    Zones Most Dropped Packets

    Displays firewall zones with maximum number of packet drops, sorted by count.

    Devices Most Bandwidth by Packets

    Devices with maximum throughput rate in packets, sorted by incoming and outgoing packets.

    Zones Most Bandwidth by Packets

    Displays zones with maximum throughput rate in packets, sorted by incoming and outgoing packets.

    Devices Most Sessions

    Displays devices with the most number of sessions, sorted by count.

    Devices Most Alarms

    Displays devices with maximum number of alarms, sorted by count.

    Threat Map Virus

    Displays world map showing total virus event count across countries.

    Threat Map IPS

    Displays world map showing total IPS event count across countries.

    Application Top Application by Volume

    Displays top applications based on volume or bandwidth.

    IP Top Source IPs by Volume

    Displays top source IP addresses of the network traffic by volume or bandwidth.

    IP Top Spams By Source IPs

    Displays top source IP addresses for spams.

    Web Filtering Top Blocked Websites

    Displays blocked websites, sorted by count.

    Virus Top Blocked

    Displays blocked viruses, sorted by count.

    IP Top Source IPs by Sessions

    Displays top source IP addresses of the network traffic by sessions.

    NAT Top Source Translation Hits

    Displays the Network Address Translation (NAT) rule names with most hits for source NAT.

    NAT Top Destination Translation Hits

    Displays the NAT rule names with most hits for destination NAT.

    Policy Enforcer adds widgets to the dashboard that provide a summary of all gathered information on compromised content and hosts. Drag and drop widgets to add them to your dashboard. Mouse over a widget to refresh, remove, or edit the contents.

    In addition, you can use the dashboard to:

    • Navigate to the File Scanning page from the Top Scanned Files and Top Infected Files widgets by clicking the More Details link.
    • Navigate to the Hosts page from the Top Compromised Hosts widget by clicking the More Details link.
    • Navigate to the Command and Control Servers page from the C&C Server Malware Source Location widget.

    Note: C&C and GeoIP filtering feeds are only available with the Cloud Feed or Premium license.

    Table 2: Policy Enforcer Widgets

    Widget

    Definition

    Top Malware Identified

    A list of the top malware found based on the number of times the malware is detected over a period of time. Use the arrow to filter by different time frames.

    Top Compromised Hosts

    A list of the top compromised hosts based on their associated threat level and blocked status.

    Top Infected File Types

    A graph of the top infected file types by file extension. Examples: exe, pdf, ini, zip. Use the arrows to filter by threat level and time frame.

    Top Infected File Categories

    A graph of the top infected file categories. Examples: executables, archived files, libraries. Use the arrows to filter by threat level and time frame.

    Top Scanned File Types

    A graph of the top file types scanned for malware. Examples: exe, pdf, ini, zip. Use the arrows to filter by different time frames.

    Top Scanned File Categories

    A graph of the top file categories scanned for malware. Examples: executables, archived files, libraries. Use the arrows to filter by different time frames.

    C&C Server and Malware Source

    A color-coded map displaying the location of Command and Control servers or other malware sources. Click a location on the map to view the number of detected sources.

    Table 3 provides the source of information for each widget type on dashboard.

    Table 3: Information Source for the Widgets

    Widget Type

    Source

    Firewall Top Events

    syslog

    Applications Most Sessions

    syslog

    IP Top Destinations

    syslog

    IP Top Sources

    syslog

    Top Firewall Denies

    syslog

    IPS top events

    syslog

    Threatmap virus

    syslog

    Threatmap IPS

    syslog

    NAT Top Source Translation Hits

    syslog

    NAT Top Destination Translation Hits

    syslog

    Application Top Application by Volume

    Application visibility

    IP Top Source IPs by Volume

    Source IP visibility

    IP Top Spams By Source IPs

    syslog

    Web Filtering Top Blocked Websites

    syslog

    Virus Top Blocked

    syslog

    IP Top Source IPs by Sessions

    Source IP visibility

    Firewall policy: Rules with no hits

    Firewall Rule Hit count

    Devices Most CPU Usage

    SRX device polling

    Devices Most Memory Usage

    SRX device polling

    Devices Most Sessions

    SRX device polling

    Devices Most Bandwidth By Bytes

    SRX device polling

    Zones Most Bandwidth By Bytes

    SRX device polling

    Devices Most Dropped Packets

    SRX device polling

    Zones Most Dropped Packets

    SRX device polling

    Devices Most Bandwidth By Packets

    SRX device polling

    Zones Most Bandwidth By Packets

    SRX device polling

    Devices Most Storage

    SRX device polling

    Device Count By Platform

    Space Platform/ SD Devices

    Device Count By OS

    Space Platform/ SD Devices

    Device Count By Status

    Space Platform/ SD Devices

    Note: In Junos Space Security Director Release 16.2R1, the following widgets display the device statistics for the root device and not for the logical systems (LSYS):

    • Devices Most CPU Usage
    • Devices Most Memory Usage
    • Devices Most Sessions
    • Devices Most Bandwidth by Bytes
    • Zones Most Bandwidth by Bytes
    • Devices Most Dropped Packets
    • Zones Most Dropped Packets
    • Devices Most Bandwidth by Packets
    • Zones Most Bandwidth by Packets
    • Devices Most Storage

    Understanding Role-Based Access Control for the Dashboard

    Role-based access control (RBAC) has the following impact on the dashboard:

    • You must have Security Analyst or Security Architect role or have permissions equivalent to that role to access the dashboard.
    • You must have the required permissions to edit dashboard widgets. The user role under Administration > Users & Roles must have Event Viewer > Edit DashBoard option enabled to edit the settings on dashboard widgets.
    • You must have Administration > Users & Roles > Event Viewer > View Device Logs option enabled to view or read logs.

    Release History Table

    Release
    Description
    Starting in Junos Space Security Director Release 17.1, Application Top Application by Volume, IP Top Source IPs by Volume, IP Top Spams By Source IPs, Web Filtering Top Blocked Websites, Virus Top Blocked, and IP Top Source IPs by Sessions widgets are added.
    In Junos Space Security Director Release 16.2R1, the following widgets display the device statistics for the root device and not for the logical systems (LSYS):

    Modified: 2017-11-26