Dashboard Overview

 

The Junos Space Security Director dashboard provides a unified overview of the system and network status retrieved from SRX Series devices. You can drag widgets from the carousel at the top of the page to your workspace, where you can configure them to meet your needs. When you install Security Director with Junos Space Log Director, the new Log Director dashboard is displayed.

To display the dashboard, select Security Director > Dashboard. The carousel displays all the widget thumbnails by default. You can customize your dashboard as per your needs. For example, you can configure a widget to display a graph with the top 10 applications with the most sessions in the last hour.

To add a widget to the Dashboard, drag the widgets from the palette or thumbnail container into the workspace. Click the refresh icon to update the dashboard or an individual widget. To change the automatic refresh interval, select an interval from the drop-down list, which ranges from 5 minutes up to 7 days.

You can select a root device, a tenant system device, or a logical system device from the Devices drop-down list in the widgets. By default, the All option is selected. A maximum of the top 10 devices, based on the number of sessions, is displayed in the widget.

You can also select the required devices by selecting the Selective option. The data is displayed based on selected devices. Hover over the top-right corner of the widget to edit, refresh, or remove the widget details.

The following dashboard widgets support the option to display data based on the selected device:

  • IP Top Source IPs by Volume

  • Application Top Application by Volume

  • IP Top Users/IP by sessions

  • Firewall Top Denials

  • Firewall Top Events

  • Firewall Policy Rules with No Hits

  • Devices Most Bandwidth by Bytes

  • Zones Most Bandwidth by Bytes

  • Applications Most Sessions

  • IP Top Destinations

  • IP Top Sources

  • Devices Most Dropped Packets

  • Zones Most Dropped Packets

  • Devices Most Bandwidth by Packets

  • Zones Most Bandwidth by Packets

  • Devices Most Sessions

  • Devices Most Storage

  • NAT Top Src Translation Hits

  • NAT Top Dst Translation Hits

In addition, you can use the dashboard to:

  • Navigate to the Devices page from the devices widgets by clicking the More Details link.

  • Navigate to the Alarms page from the Devices Most Alarms widget by clicking the More Details link.

  • Navigate to the Events and Logs page from an event-based widget.

The dashboard page automatically adjusts the placement of the widgets to dynamically fit on the browser window without changing the order of the widgets. You can manually reorder the widgets using the drag and drop option. The widget can be reordered or moved by holding the top header section of the widget.

Note

If you are using Policy Enforcer and ATP Cloud with Security Director, additional widgets are added to the dashboard. See Policy Enforcer Dashboard Widgets for those widget descriptions.

Table 1: Widgets

| Widget | Description |
|---|---|
| Devices Count By Platform | Displays device count grouped by platform. |
| Devices Count By OS | Displays device count grouped by Junos OS. |
| Device Count By Status | Displays device count grouped by the system status (Up/Down). |
| Firewall Top Denies | Displays top requests denied by the firewall based on their source IP addresses, sorted by count. |
| Firewall Top Events | Displays top firewall events of the network traffic, sorted by count. |
| IPS Top Events | Displays top IPS events of the network traffic, sorted by count. |
| Applications most sessions | Displays the applications with the most sessions. |
| IP Top Destinations | Displays top destination IP addresses of the network traffic, sorted by count. |
| IP Top Sources | Displays top source IP addresses of the network traffic, sorted by count. |
| Devices Most CPU Usage | Displays devices with maximum CPU utilization, sorted by count. |
| Devices Most Memory Usage | Displays devices with maximum memory utilization, sorted by count. |
| Devices Most Storage | Displays devices with most storage usage, sorted by count. |
| Firewall Policy Rules with No Hits | Displays firewall policies with the most rules not hit, sorted by count. |
| Devices Most Bandwidth by Bytes | Displays devices consuming maximum bandwidth in bytes. |
| Zones Most Bandwidth by Bytes | Displays zones with maximum throughput rate in bytes, sorted by incoming and outgoing bytes. |
| Devices Most Dropped Packets | Displays firewall devices with maximum number of packet drops, sorted by count. |
| Zones Most Dropped Packets | Displays firewall zones with maximum number of packet drops, sorted by count. |
| Devices Most Bandwidth by Packets | Displays devices with maximum throughput rate in packets, sorted by incoming and outgoing packets. |
| Zones Most Bandwidth by Packets | Displays zones with maximum throughput rate in packets, sorted by incoming and outgoing packets. |
| Devices Most Sessions | Displays devices with the most sessions, sorted by count. |
| Devices Most Alarms | Displays devices with maximum number of alarms, sorted by count. |
| Threat Map Virus | Displays a world map showing total virus event count across countries. |
| Threat Map IPS | Displays a world map showing total IPS event count across countries. |
| Application Top Application by Volume | Displays top applications based on volume or bandwidth. |
| IP Top Source IPs by Volume | Displays top source IP addresses of the network traffic by volume or bandwidth. |
| IP Top Spams By Source IPs | Displays top source IP addresses for spam. |
| Web Filtering Top Blocked Websites | Displays blocked websites, sorted by count. |
| Virus Top Blocked | Displays blocked viruses, sorted by count. |
| IP Top Source IPs by Sessions | Displays top source IP addresses of the network traffic by sessions. |
| NAT Top Source Translation Hits | Displays the Network Address Translation (NAT) rule names with most hits for source NAT. |
| NAT Top Destination Translation Hits | Displays the NAT rule names with most hits for destination NAT. |

Policy Enforcer adds widgets to the dashboard that provide a summary of all gathered information on compromised content and hosts. Drag and drop widgets to add them to your dashboard. Mouse over a widget to refresh, remove, or edit the contents.

In addition, you can use the dashboard to:

  • Navigate to the File Scanning page from the Top Scanned Files and Top Infected Files widgets by clicking the More Details link.

  • Navigate to the Hosts page from the Top Compromised Hosts widget by clicking the More Details link.

  • Navigate to the Command and Control Servers page from the C&C Server Malware Source Location widget.

Note

C&C and GeoIP filtering feeds are only available with the Cloud Feed or Premium license.

Table 2: Policy Enforcer Widgets

| Widget | Definition |
|---|---|
| Top Malware Identified | A list of the top malware found based on the number of times the malware is detected over a period of time. Use the arrow to filter by different time frames. |
| Top Compromised Hosts | A list of the top compromised hosts based on their associated threat level and blocked status. |
| Top Infected File Types | A graph of the top infected file types by file extension. Examples: exe, pdf, ini, zip. Use the arrows to filter by threat level and time frame. |
| Top Infected File Categories | A graph of the top infected file categories. Examples: executables, archived files, libraries. Use the arrows to filter by threat level and time frame. |
| Top Scanned File Types | A graph of the top file types scanned for malware. Examples: exe, pdf, ini, zip. Use the arrows to filter by different time frames. |
| Top Scanned File Categories | A graph of the top file categories scanned for malware. Examples: executables, archived files, libraries. Use the arrows to filter by different time frames. |
| C&C Server and Malware Source | A color-coded map displaying the location of Command and Control servers or other malware sources. Click a location on the map to view the number of detected sources. |

Table 3 provides the source of information for each widget type on the dashboard.

Table 3: Information Source for the Widgets

| Widget Name | Widget Type | Source |
|---|---|---|
| Firewall Top Events | Security | syslog |
| Applications Most Sessions | Applications | syslog |
| IP Top Destinations | Security | syslog |
| IP Top Sources | Security | syslog |
| Top Firewall Denials | Security | syslog |
| IPS Top Attacks | Security | syslog |
| Threatmap Virus | Security | syslog |
| Threatmap IPS | Security | syslog |
| NAT Top Source Translation Hits | Security | syslog |
| NAT Top Destination Translation Hits | Security | syslog |
| IP Top Spams By Source IPs | Security | syslog |
| Web Filtering Top Blocked Websites | Security | syslog |
| Virus Top Blocked | Security | syslog |
| Application Top Application by Volume | Application | Application visibility |
| Top Source IPs by Volume | Security | Source IP visibility |
| Top Source User/IP by Sessions | Security | Source IP visibility |
| Devices Most CPU Usage | Device | SRX device polling |
| Devices Most Memory Usage | Device | SRX device polling |
| Devices Most Sessions | Device | SRX device polling |
| Devices Most Bandwidth By Bytes | Device | SRX device polling |
| Zones Most Bandwidth By Bytes | Security | SRX device polling |
| Devices Most Dropped Packets | Device | SRX device polling |
| Zones Most Dropped Packets | Security | SRX device polling |
| Devices Most Bandwidth By Packets | Device | SRX device polling |
| Zones Most Bandwidth By Packets | Security | SRX device polling |
| Devices Most Storage | Device | SRX device polling |
| Device Count By Platform | Device | Space Platform/SD Devices |
| Device Count By OS | Device | Space Platform/SD Devices |
| Device Count By Status | Device | Space Platform/SD Devices |
| Device Most Alarms | Device | SRX device polling |
| Firewall policy: Rules with no hits | Security | Firewall Rule Hit count |

Note

The following widgets are supported for both tenant systems (TSYS) and logical systems (LSYS):

  • Devices Most Sessions

  • Devices Most Bandwidth by Bytes

  • Zones Most Bandwidth by Bytes

  • Devices Most Dropped Packets

  • Zones Most Dropped Packets

  • Devices Most Bandwidth by Packets

  • Zones Most Bandwidth by Packets

  • Devices Most Storage

The following widgets are not supported for LSYS or TSYS:

  • Devices Most CPU Usage

  • Devices Most Memory Usage

Understanding Role-Based Access Control for the Dashboard

Role-based access control (RBAC) has the following impact on the dashboard:

  • You must have the Security Analyst or Security Architect role, or permissions equivalent to that role, to access the dashboard.

  • You must have the required permissions to edit dashboard widgets. The user role under Administration > Users & Roles must have the Event Viewer > Edit DashBoard option enabled to edit the settings on dashboard widgets.

  • You must have the Administration > Users & Roles > Event Viewer > View Device Logs option enabled to view or read logs.