Dashboard Overview
The Junos Space Security Director dashboard provides a unified overview of the system and network status retrieved from SRX Series devices. You can drag widgets from the carousel at the top of the page to your workspace, where you can configure them to meet your needs. When you install Security Director with Junos Space Log Director, the new Log Director dashboard is displayed.
To display the dashboard, select Security Director > Dashboard. The carousel displays all the widget thumbnails by default. You can customize your dashboard as per your needs. For example, you can configure a widget to display a graph with the top 10 applications with the most sessions in the last hour.
To add a widget to the Dashboard, drag the widgets from the palette or thumbnail container into the workspace. Click the refresh icon to update the dashboard or an individual widget. To change the automatic refresh interval, select an interval from the drop-down list, which ranges from 5 minutes up to 7 days.
You can select a root device, a tenant system device, or a logical system device from the Devices drop-down list in the widgets. By default, the All option is selected. A maximum of the top 10 devices, based on the number of sessions, is displayed in the widget.
You can also select the required devices by selecting the Selective option. The data is displayed based on selected devices. Hover over the top-right corner of the widget to edit, refresh, or remove the widget details.
The following dashboard widgets support the option to display data based on the selected device:
IP Top Source IPs by Volume
Application Top Application by Volume
IP Top Users/IP by sessions
Firewall Top Denials
Firewall Top Events
Firewall Policy Rules with No Hits
Devices Most Bandwidth by Bytes
Zones Most Bandwidth by Bytes
Applications Most Sessions
IP Top Destinations
IP Top Sources
Devices Most Dropped Packets
Zones Most Dropped Packets
Devices Most Bandwidth by Packets
Zones Most Bandwidth by Packets
Devices Most Sessions
Devices Most Storage
NAT Top Src Translation Hits
NAT Top Dst Translation Hits
In addition, you can use the dashboard to:
Navigate to the Devices page from the devices widgets by clicking the More Details link.
Navigate to the Alarms page from the Devices Most Alarms widget by clicking the More Details link.
Navigate to the Events and Logs page from an event-based widget.
The dashboard page automatically adjusts the placement of the widgets to fit the browser window without changing the order of the widgets. You can manually reorder the widgets by dragging and dropping them. To reorder or move a widget, hold the top header section of the widget and drag it.
If you are using Policy Enforcer and ATP Cloud with Security Director, additional widgets are added to the dashboard. See Policy Enforcer Dashboard Widgets for those widget descriptions.
Widget | Description |
---|---|
Devices Count By Platform | Displays device count grouped by platform. |
Devices Count By OS | Displays device count grouped by Junos OS. |
Device Count By Status | Displays device count grouped by the system status (Up/Down). |
Firewall Top Denies | Displays top requests denied by the firewall based on their source IP addresses, sorted by count. |
Firewall Top Events | Displays top firewall events of the network traffic, sorted by count. |
IPS Top Events | Displays top IPS events of the network traffic, sorted by count. |
Applications most sessions | Displays the applications with the most sessions. |
IP Top Destinations | Displays top destination IP addresses of the network traffic, sorted by count. |
IP Top Sources | Displays top source IP addresses of the network traffic, sorted by count. |
Devices Most CPU Usage | Displays devices with maximum CPU utilization, sorted by count. |
Devices Most Memory Usage | Displays devices with maximum memory utilization, sorted by count. |
Devices Most Storage | Displays devices with most storage usage, sorted by count. |
Firewall Policy Rules with No Hits | Displays firewall policies with the most rules not hit, sorted by count. |
Devices Most Bandwidth by Bytes | Displays devices consuming maximum bandwidth in bytes. |
Zones Most Bandwidth by Bytes | Displays zones with maximum throughput rate in bytes, sorted by incoming and outgoing bytes. |
Devices Most Dropped Packets | Displays firewall devices with maximum number of packet drops, sorted by count. |
Zones Most Dropped Packets | Displays firewall zones with maximum number of packet drops, sorted by count. |
Devices Most Bandwidth by Packets | Displays devices with maximum throughput rate in packets, sorted by incoming and outgoing packets. |
Zones Most Bandwidth by Packets | Displays zones with maximum throughput rate in packets, sorted by incoming and outgoing packets. |
Devices Most Sessions | Displays devices with the most number of sessions, sorted by count. |
Devices Most Alarms | Displays devices with maximum number of alarms, sorted by count. |
Threat Map Virus | Displays world map showing total virus event count across countries. |
Threat Map IPS | Displays world map showing total IPS event count across countries. |
Application Top Application by Volume | Displays top applications based on volume or bandwidth. |
IP Top Source IPs by Volume | Displays top source IP addresses of the network traffic by volume or bandwidth. |
IP Top Spams By Source IPs | Displays top source IP addresses for spams. |
Web Filtering Top Blocked Websites | Displays blocked websites, sorted by count. |
Virus Top Blocked | Displays blocked viruses, sorted by count. |
IP Top Source IPs by Sessions | Displays top source IP addresses of the network traffic by sessions. |
NAT Top Source Translation Hits | Displays the Network Address Translation (NAT) rule names with most hits for source NAT. |
NAT Top Destination Translation Hits | Displays the NAT rule names with most hits for destination NAT. |
Policy Enforcer adds widgets to the dashboard that provide a summary of all gathered information on compromised content and hosts. Drag and drop widgets to add them to your dashboard. Mouse over a widget to refresh, remove, or edit the contents.
In addition, you can use the dashboard to:
Navigate to the File Scanning page from the Top Scanned Files and Top Infected Files widgets by clicking the More Details link.
Navigate to the Hosts page from the Top Compromised Hosts widget by clicking the More Details link.
Navigate to the Command and Control Servers page from the C&C Server Malware Source Location widget.
C&C and GeoIP filtering feeds are only available with the Cloud Feed or Premium license.
Widget | Definition |
---|---|
Top Malware Identified | A list of the top malware found based on the number of times the malware is detected over a period of time. Use the arrow to filter by different time frames. |
Top Compromised Hosts | A list of the top compromised hosts based on their associated threat level and blocked status. |
Top Infected File Types | A graph of the top infected file types by file extension. Examples: exe, pdf, ini, zip. Use the arrows to filter by threat level and time frame. |
Top Infected File Categories | A graph of the top infected file categories. Examples: executables, archived files, libraries. Use the arrows to filter by threat level and time frame. |
Top Scanned File Types | A graph of the top file types scanned for malware. Examples: exe, pdf, ini, zip. Use the arrows to filter by different time frames. |
Top Scanned File Categories | A graph of the top file categories scanned for malware. Examples: executables, archived files, libraries. Use the arrows to filter by different time frames. |
C&C Server and Malware Source | A color-coded map displaying the location of Command and Control servers or other malware sources. Click a location on the map to view the number of detected sources. |
Table 3 provides the source of information for each widget type on the dashboard.
Widget Name | Widget Type | Source |
---|---|---|
Firewall Top Events | Security | syslog |
Applications Most Sessions | Applications | syslog |
IP Top Destinations | Security | syslog |
IP Top Sources | Security | syslog |
Top Firewall Denials | Security | syslog |
IPS Top Attacks | Security | syslog |
Threatmap Virus | Security | syslog |
Threatmap IPS | Security | syslog |
NAT Top Source Translation Hits | Security | syslog |
NAT Top Destination Translation Hits | Security | syslog |
IP Top Spams By Source IPs | Security | syslog |
Web Filtering Top Blocked Websites | Security | syslog |
Virus Top Blocked | Security | syslog |
Application Top Application by Volume | Application | Application visibility |
Top Source IPs by Volume | Security | Source IP visibility |
Top Source User/IP by Sessions | Security | Source IP visibility |
Devices Most CPU Usage | Device | SRX device polling |
Devices Most Memory Usage | Device | SRX device polling |
Devices Most Sessions | Device | SRX device polling |
Devices Most Bandwidth By Bytes | Device | SRX device polling |
Zones Most Bandwidth By Bytes | Security | SRX device polling |
Devices Most Dropped Packets | Device | SRX device polling |
Zones Most Dropped Packets | Security | SRX device polling |
Devices Most Bandwidth By Packets | Device | SRX device polling |
Zones Most Bandwidth By Packets | Security | SRX device polling |
Devices Most Storage | Device | SRX device polling |
Device Count By Platform | Device | Space Platform/ SD Devices |
Device Count By OS | Device | Space Platform/ SD Devices |
Device Count By Status | Device | Space Platform/ SD Devices |
Device Most Alarms | Device | SRX device polling |
Firewall policy: Rules with no hits | Security | Firewall Rule Hit count |
The following widgets are supported for both tenant systems (TSYS) and logical systems (LSYS):
Devices Most Sessions
Devices Most Bandwidth by Bytes
Zones Most Bandwidth by Bytes
Devices Most Dropped Packets
Zones Most Dropped Packets
Devices Most Bandwidth by Packets
Zones Most Bandwidth by Packets
Devices Most Storage
The following widgets are not supported for both LSYS and TSYS:
Devices Most CPU Usage
Devices Most Memory Usage
Understanding Role-Based Access Control for the Dashboard
Role-based access control (RBAC) has the following impact on the dashboard:
You must have the Security Analyst or Security Architect role, or permissions equivalent to that role, to access the dashboard.
You must have the required permissions to edit dashboard widgets. The user role under Administration > Users & Roles must have the Event Viewer > Edit DashBoard option enabled to edit the settings on dashboard widgets.
You must have the Administration > Users & Roles > Event Viewer > View Device Logs option enabled to view or read logs.