FortiSIEM Visual Analytics

Visual Analytics

Visual Analytics is an add-on for AccelOps that lets you create custom visualizations of AccelOps report data, as well as dashboards containing multiple visualization charts. AccelOps Visual Analytics has three components:

  1. The AccelOps Report Server, which syncs with and replicates AccelOps reports in near-real time.
  2. Tableau Server from Tableau Software, which enables the publication and distribution of your visualizations.
  3. Tableau Desktop, also from Tableau Software, which is your primary tool for creating visualizations.

See Installation and Configuration of AccelOps Visual Analytics for information about setting up AccelOps Report Server. For more detailed information about Tableau Server and Desktop, including installation, configuration, and examples of creating sheets and workbooks, you should consult the Product Support section of the Tableau Software website.


AccelOps Visual Analytics Architecture

Overview and Report Server Architecture

Using AccelOps Report Server with Tableau Software

Overview and Report Server Architecture

With AccelOps Visual Analytics, you can now create visual representations of the data that is stored in AccelOps. This includes:

  - Structured data stored in the AccelOps CMDB relational PostgreSQL database, such as:
      - Discovered information about devices, systems, applications and users
      - Identity and location information
      - Incidents and notifications
  - Unstructured data such as logs, events, performance metrics, etc., that are monitored by AccelOps and stored in the EventDB NoSQL database, which is accessible to Supervisors and Workers over NFS.

In order to provide near real-time visual analytics without compromising the performance of your AccelOps deployment, both structured and unstructured data are exported to a separate virtual machine, the AccelOps Report Server, running PostgreSQL. The Report Server contains two databases that are queried by AccelOps Visual Analytics:

  - phoenixdb: This database contains the entire AccelOps CMDB and is populated via asynchronous PostgreSQL replication (Slony) in near-real time.
  - reportdb: This database contains the results of event queries.

You can find more information about AccelOps Report Server in the topic Report Server Architecture: phoenixdb and reportdb and its related topics.
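Because the Report Server holds a full replica of the CMDB (device inventory, identity and location data, incidents) on a separate PostgreSQL host, the client access rules on that host deserve the same scrutiny as the Supervisor's own. The following script is an added example and is not part of the FortiSIEM/AccelOps documentation or product; it assumes the Report Server uses a standard PostgreSQL `pg_hba.conf`, and the sample configuration, role names (`tableau`, `slony`, `analyst`) and addresses embedded in it are constructed for illustration. It parses the file and flags rules that expose `phoenixdb` or `reportdb` with no real authentication, to a broad network, or over a non-TLS connection.

```python
"""Audit a PostgreSQL pg_hba.conf for a host serving phoenixdb and reportdb.

Added example, not AccelOps/FortiSIEM code. Assumes a standard pg_hba.conf
layout; every address, role name and rule below is constructed sample data.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample configuration (not a real Report Server file).
SAMPLE_PG_HBA = """\
# TYPE  DATABASE   USER      ADDRESS          METHOD
local   all        postgres                   peer
host    phoenixdb  tableau   10.0.5.20/32     md5
host    reportdb   tableau   10.0.5.20/32     md5
host    phoenixdb  slony     10.0.1.10/32     md5
host    all        all       0.0.0.0/0        trust
hostssl reportdb   analyst   10.0.0.0/8       scram-sha-256
"""

REPORT_DBS = {"phoenixdb", "reportdb"}
WEAK_METHODS = {"trust", "password"}   # no check, or cleartext password on the wire


@dataclass
class HbaRule:
    conn_type: str
    database: str
    user: str
    address: Optional[str]   # None for 'local' (Unix-socket) rules
    method: str
    line_no: int


def parse_pg_hba(text: str) -> List[HbaRule]:
    """Parse the common CIDR form of pg_hba.conf; comments and blanks are skipped."""
    rules = []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        f = line.split()
        if f[0] == "local" and len(f) >= 4:
            rules.append(HbaRule("local", f[1], f[2], None, f[3], n))
        elif f[0] != "local" and len(f) >= 5:
            rules.append(HbaRule(f[0], f[1], f[2], f[3], f[4], n))
    return rules


def _covers_database(rule: HbaRule, db: str) -> bool:
    names = {d.strip() for d in rule.database.split(",")}
    return "all" in names or db in names


def _network_is_broad(address: str, max_v4_prefix: int = 24) -> bool:
    """'all', 'samenet' or a CIDR wider than /24 (IPv4) or /64 (IPv6). Threshold is a chosen policy."""
    if address in ("all", "samenet"):
        return True
    try:
        net = ipaddress.ip_network(address, strict=False)
    except ValueError:
        return False   # hostname or mask form: leave for manual review
    limit = max_v4_prefix if net.version == 4 else 64
    return net.prefixlen < limit


def audit_pg_hba(text: str, report_dbs=REPORT_DBS) -> List[Tuple[int, str, str]]:
    """Return (line_no, severity, message) for rules touching the report databases."""
    findings = []
    for rule in parse_pg_hba(text):
        hit = [db for db in sorted(report_dbs) if _covers_database(rule, db)]
        if not hit:
            continue
        dbs = "/".join(hit)
        if rule.method in WEAK_METHODS:
            findings.append((rule.line_no, "high",
                             f"method '{rule.method}' grants {dbs} without a real credential check"))
        if rule.address is not None and _network_is_broad(rule.address):
            findings.append((rule.line_no, "high",
                             f"address {rule.address} exposes {dbs} to a broad network"))
        if rule.conn_type == "host":
            findings.append((rule.line_no, "info",
                             f"'host' allows non-TLS connections to {dbs}; prefer hostssl"))
    return findings


if __name__ == "__main__":
    for line_no, sev, msg in audit_pg_hba(SAMPLE_PG_HBA):
        print(f"line {line_no:>2} [{sev}] {msg}")
```

Run it against the real file with `audit_pg_hba(open("/var/lib/pgsql/data/pg_hba.conf").read())` (path is an assumption; it varies by distribution). On the sample it reports the `trust` rule open to `0.0.0.0/0` and the `/8` analyst rule as high, and the plain `host` rules for the Tableau and replication roles as informational.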

Using AccelOps Report Server with Tableau Software

AccelOps Report Server integrates with Tableau Software to provide the interface for creating and publishing your data visualizations. Workbooks containing visualizations based on AccelOps data are created using Tableau Desktop, and then are published to Tableau Server, where they can be accessed on any Windows or OS X device by users who have been granted permission to view or edit them. AccelOps provides some workbooks for visualizations, but you can construct others for custom analytics. You can find more information about workbooks in the section Creating and Managing Workbooks.


This entry was posted in Administration Guides, FortiSIEM on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
