FortiSIEM Dashboard Overview

Dashboard Overview

FortiSIEM includes two types of component dashboards: General, which are used to monitor IT infrastructure components, and VM View, which focuses specifically on information about virtual machines in your infrastructure. These two types of component dashboards also include two types of dashboards for collecting different types of information:

Summary dashboards that provide single-line entries for IT infrastructure components based on their system status (Critical, Critical + Warning, All) in operational time

Widget-based dashboards that provide metrics and analytics for functional areas using historical data

In addition to the summary and widget-based dashboards, FortiSIEM also includes a specialized Incident dashboard, with features that are detailed in the Incidents – Flash version section.

Topics in this section provide an overview of the Summary and Widget dashboards, as well as how to use the Analysis menu to gain more information about your IT infrastructure components.

Summary Dashboard User Interface Overview

VM Dashboard User Interface Overview

Widget Dashboard User Interface Overview

Network Topology View of Devices

How Values in Dashboard Columns are Derived Using the Analysis Menu

 

Summary Dashboard User Interface Overview

Dashboard Overview

Summary Dashboard UI Controls

Dashboard Overview

Summary dashboards are best used for gathering information about individual infrastructure components in operational time. Summary dashboards include the Exec Summary dashboard, and all the dashboards in the Summary Dashboards and Availability/Performance folders of the Dashboards > General pane. In the Dashboards > VM View pane, summary dashboards include the ESX Host Type dashboards (All ESX Hosts and Standalone ESX Hosts, for example). Metrics for these dashboards are displayed either on a real-time basis, or as an average of ten-minute intervals.

This screenshot shows an example of a Biz Service Summary dashboard for a multi-tenant deployment. It contains all the standard user interface controls found in summary dashboards, though some additional UI controls are found in other summary dashboards, as described in the table Columnar Dashboard UI Controls. Selecting a business service in the top pane loads all the components associated with that service into the panes below.

Summary Dashboard UI Controls

UI Control Description
Status Filter Filters the view of the components based on component status: Critical, Critical + Warning, All
Organizations Filter For multi-tenant deployments, filter components based on the organization they belong to
Service Info For the Business Services summary dashboard, shows the Quick Info for the business service. For other components, an Info link is provided in the same location in the UI.
Analysis Menu The Analysis menu contains a number of options for component analytics, depending on the component selected. See Using the Analysis Menu for more information. You can also access the Analysis menu for a component by hovering your mouse over the component’s Device IP menu until the blue Quick Info icon appears, and then clicking the icon.

Customize Columns The Custom Columns control lets you change the columns that are displayed in the dashboard. See Adding Custom Columns to Dashboards for more information.
Performance Summaries Most columns contain a summary or trend view of their display information. Hover your mouse over the metric until a trend line icon appears, and then click to view the summary or trend information. Note that many of these summary pop-ups have their own navigational controls, for example to set the time interval for the summary.
Incident Summary The incident summary shows the number and type of incidents associated with the component. Hover over the number to view a quick summary of the incidents, or click the incident number to view incident details.
Quick Info The Quick Info view of a device, which you can also access through the Analysis menu or by hovering your mouse cursor over the Device IP column, displays General and Health information for the device, and when appropriate, Identity and Location information. It also contains links to additional information about the device:

Incidents

An exportable summary of incidents associated with the device

Health

Availability, Performance, and Security health information for the device. You can also access this information by clicking the Device Health user interface control, or by selecting Device Health in the Analysis menu.

BizService

Any business services impacted by the device. You can also access this information by selecting Impacted Business Services in the Analysis menu.

Applications

Displays a report on the top 10 applications associated with the device by Average CPU Utilization over the past hour

Vulnerability and IP Status (Not used in the Dashboard view)

Displays the vulnerability status reports that are also available by selecting Vulnerability and IPS Status in the Analysis menu

Hardware Health (Used only for the CMDB/Storage view)

Displays health information for the hardware being used for storage

Interfaces

Displays a report on the top 10 interfaces associated with the device by average throughput

Topology

Shows the device’s location in the network topology. You can also access this information by selecting Topology in the Analysis menu.

The Quick Info view also contains two links, Goto Config Item, which links to the device entry in the CMDB, and Goto Identity, which links to Analytics > Identity and Location Report, where you can edit this information for the device.

Component Health Availability, Performance, and Security health reports for the device. You can also access this information by selecting a device in the Summary dashboard and then clicking Health, or by going to Quick Info > Health after selecting the device. If any Incidents are displayed, click the number to view the Incident Summary. Depending on the reported metric, you can zoom in for a closer look at graphs and reports by clicking the Magnifying Glass icon that appears when you hover your mouse cursor over them.
Location Selection Filters components by their geographic locations. See Setting Device Location Information for more information.
Time View and Refresh Interval The Time View has two options for whether you want to view Real Time or Average-10 mins metrics for your component, and for the interval at which you want them to refresh.

VM Dashboard User Interface Overview

The Dashboard > VM View provides a complete overview of your virtual infrastructure, including Data Centers, Standalone ESX Hosts, Resource Pools, Clusters, ESXs, and VMs. Over 400 VMs can be discovered, and their metrics pulled via VCenter in under three minutes during initial discovery. As you navigate the Virtual Infrastructure hierarchy, you will see Summary dashboards similar to those in the General > Dashboard view for VM Clusters, All ESX Hosts, and Standalone ESX Hosts, while widget dashboards that provide performance metrics for CPU Utilization, Memory, Network Interface, Disk I/O and Data Store Utilization are available at the level of VM, ESX, Resource Pool and Cluster.

VM Summary Dashboards Overview

UI Controls for Virtual Infrastructure Summary Dashboards

The ESX Hosts View

The ESX and VM View

VM Summary Dashboards Overview

This screenshot shows the All ESX Hosts summary dashboard, which includes a summary pane for All ESXs at the top, and a summary pane for individual VM instances for selected ESXs at the bottom. The user interface controls for the Virtual Infrastructure summary dashboards are very similar to those in the General summary dashboards.

UI Controls for Virtual Infrastructure Summary Dashboards

UI Control Description
Organizations Filter For multi-tenant deployments, filter components based on the organization they belong to
Quick Info The Quick Info view of a device, which you can also access through the Analysis menu or by hovering your mouse cursor over the Device IP column, displays General and Health information for the device, and when appropriate, Identity and Location information. It also contains links to additional information about the device:

Incidents

An exportable summary of incidents associated with the device

Health

Availability, Performance, and Security health information for the device. You can also access this information by clicking the Device Health user interface control, or by selecting Device Health in the Analysis menu.

BizService

Any business services impacted by the device. You can also access this information by selecting Impacted Business Services in the Analysis menu.

Applications

Displays a report on the top 10 applications associated with the device by Average CPU Utilization over the past hour

Vulnerability and IP Status (Not used in the Dashboard view)

Displays the vulnerability status reports that are also available by selecting Vulnerability and IPS Status in the Analysis menu

Hardware Health (Used only for the CMDB/Storage view)

Displays health information for the hardware being used for storage

Interfaces

Displays a report on the top 10 interfaces associated with the device by average throughput

Topology

Shows the device’s location in the network topology. You can also access this information by selecting Topology in the Analysis menu.

The Quick Info view also contains two links, Goto Config Item, which links to the device entry in the CMDB, and Goto Identity, which links to Analytics > Identity and Location Report, where you can edit this information for the device.

Device Health Availability, Performance, and Security health reports for the device. You can also access this information by selecting a device in the Summary dashboard and then clicking Health, or by going to Quick Info > Health after selecting the device. If any Incidents are displayed, click the number to view the Incident Summary. Depending on the reported metric, you can zoom in for a closer look at graphs and reports by clicking the Magnifying Glass icon that appears when you hover your mouse cursor over them.
Analysis Menu The Analysis menu contains a number of options for component analytics, depending on the component selected. See Using the Analysis Menu for more information. You can also access the Analysis menu for a component by hovering your mouse over the component’s Device IP menu until the blue Quick Info icon appears, and then clicking the icon.
Locations Filters components by their geographic locations. See Setting Device Location Information for more information.
Customize Columns The Custom Columns control lets you change the columns that are displayed in the dashboard. See Adding Custom Columns to Dashboards for more information.

The ESX Hosts View

When you select an individual ESX Host in the Virtual Infrastructure hierarchy, the ESX Health tab will be selected and you will see a widget dashboard with reports for ESX Statistics, Active Incidents, Performance Metrics, Memory Utilization, and Disk Rate. Additional tabs are VM Summary and Top VMs.

Tab Name Description
ESX Health A widget dashboard with reports for ESX Statistics, Active Incidents, Performance Metrics, Memory Utilization, and Disk Rate
VM Summary A summary dashboard for VMs on the ESX host.
Top VMs A widget dashboard with reports for Top VMs by CPU Utilization, Top VMs by Memory Utilization, Top VMs by Disk Write Request Rates, Top VMs by CPU Ready Percentage, and Top VMs by Disk Read Request Rate, all updated hourly

The ESX and VM View

When you select an ESX or VM in the Virtual Infrastructure hierarchy, you will see a widget dashboard that contains reports for VM Statistics, Active Incidents, and Performance Metrics.


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
