Dashboard
The Dashboard provides a security overview of your enterprise IT environment, including essential information in each tab.
The Detections tab is the main Dashboard screen. It displays statistical information for the top 10 unresolved detections, categorized by severity and timeline. The Detections screen indicates potential or existing attacks, which detections were triggered, and whether a flood of false positives must be addressed by optimizing the detections.
The statistics screens are interactive. Click the pie charts, graphs and other items to see more information. The Dashboard shows your current ESET Inspect On-Prem performance under the Server status and Events load tabs.
Use a Time filter within the statistics tabs. Specify the period (day, week, month) to filter.
Use the Dashboard tabs to switch between the screens:
Displays the incidents statistics:
•Incidents by severity
•Incidents by status
•ESET Inspect On-Prem incidents (incidents per day)
•Incidents by author
Click a pie chart slice to open the Incidents table with relevant filtered items for review.
Displays detection statistics:
•Top 10 Unresolved Threat and Warning Detections
•Top 10 Unresolved Informational Detections
•Threat and Warning Detections
•Informational Detections
Click a pie chart slice or threat name to open the filtered Detections table. Use additional filters (for example: occurred time) to refine further. Click the detections per day graph for a list of that day's detections.
The Executables tab shows a hit map of all executables within your environment. The executables are displayed graphically as an intersection of Network popularity and LiveGrid® popularity, with each bubble showing the file count. This view should help you distinguish safe or well-known executables from unique ones. Unique executables may indicate a targeted attack. Problematic Executables lists executables with suspicious behavior grouped by the number of detections (total and unique).
•Executables popularity—The bubbles contain file counts that meet the following two conditions:
•LiveGrid® Popularity—How many computers reported an executable to the LiveGrid®. LiveGrid® evaluates Red as malicious, Yellow as suspicious, Green as safe.
•Network Popularity—The number of computers in the enterprise with the module.
Click a bubble for an executables list filtered by popularity.
•Executable status—Shows the unresolved detections count and executable status. Click the pie graph or the status type (OK, Warning, Info or Threat) for an executables list filtered by status.
•Problematic Executables—Lists the problematic executables detected. Click an executable to see its details.
The Computers tab identifies computers with a potential risk, indicating a suspicious behavior investigation may be required.
•Detections on Computers—Shows a graphical intersection of Resolved and Unresolved Detections on all computers. Each bubble shows the computer count and the Resolved/Unresolved Detections, which are within a certain range (for example [8,16]/[2,4]), meaning Unresolved Detections from 8 to 16 are excluded, and Resolved Detections from 2 to 4 are excluded. Click the bubble, and you will be redirected to the Computers tab.
•Computer statuses—Shows a pie graph of computers sorted by status. Click a part of the pie graph to be redirected to the Computers list with the selected filter applied.
•Problematic Computers—Displays a list of problematic computers. Clicking a computer name will redirect you to the Computer details section.
The following information and functionality are available in this section. Click a part of a pie graph to open the Detections list filtered by the specified Severity.
•Unresolved Detections severity—Threat, Warning, Informational.
•Unresolved Detections priority—No Priority, Priority I to III.
•Resolved/unresolved detections—Total number of Resolved/Unresolved detections.
•Last connection—Number of computers connected to the ESET Inspect Server recently (Today, Last Day, More than two days).
•Received Events From Today—Average value of events on all monitored computers.
•ESET Inspect Connector version—The ESET Inspect Connector versions installed on all computers.
Server status (available in the on-prem version only)
Displays server statistics information, including an ESET Inspect Server usage overview, the ESET Inspect On-Prem environment health and all system services performance, without excessive system resource use. Hover over a graph to see more information.
•CPU Time
•Memory Usage
•Networking
•Events Processed per Second
•Event Packet Queue Length
If the SQL database is installed on a machine different from the ESET Inspect Server, the information regarding SQL CPU Time and Memory Usage is not shown.
Events load (available in the on-prem version only)
The Events load tab shows information about the database size and the number of low-level events reported to and processed by ESET Inspect On-Prem. A low-level event is something a process does, like writing a file or performing a DNS lookup. ESET Inspect On-Prem analyzes low-level events to find suspicious activities and report detections. Low-level events account for most of the database size, and you can use Event Filters to avoid storing events and reduce disk usage. Charts on this page help you find the executables that report the most events and filter them. In this section you can find:
•Events processed and stored per computer—Shows an average number of low-level events received from a computer and stored in the database. The difference between received and stored values is caused by using Event Filters or configuring ESET Inspect On-Prem not to store all data. A failed purge can indicate a problem with the disk space running low on the database machine, as this process also needs free space to finish successfully.
•Database size—Shows the estimated database size (calculated based on the current data retention settings, number of clients and events sent per day) and current size (calculated as the size of the ESET Inspect database, temporary database, InnoDB log files and binary logs). The estimated database size can be smaller than the current size if you change settings to store less data or purge more data. After the purge removes old data, the database size should reach the estimated value.
•Events per executable instance—Shows the number of events executed per executable instance on a single computer.
•Events per executable—Shows the number of events by executable on computers within the network.
•Top executable instances—Shows the executable instances list sorted by the highest event count on a specific computer.
•Top executables—Shows the executables list sorted by the highest event count within the entire network.
You can filter events in the Executables tab.