Dashboards

Published: July 20, 2023

The Dashboard section of the Spyderbat UI is located at the top of the left hand navigation panel, as shown below. If there is at least one source configured in the Spyderbat UI for your organization, you will be directed to the Dashboard homepage upon successful login into the console. If you have not yet set up any Sources (data collection) within your monitoring scope, please refer to our Documentation portal to access one of our How-To Guides for Spyderbat Nano Agent Installation.

Dashboard section provides a consolidated at-a-glance overview of a variety of operational and security data points captured as a result of asset monitoring with active Spyderbat Nano Agents.

Dashboard Card Overview

The Dashboard section comprises several default groups of dashboard cards. Each individual dashboard card represents a structured output of a Athena search query crafted using a set of criteria set forth by Spyderbat security analysts.

As you can see, all dashboard cards are of the same default height, which means that there are only so many rows that can be displayed within the card even with the scroll bar. Spyderbat dashboard cards surface the top 100 rows, and indicate the total number of rows that meet the dashboard card criteria in the dashboard card header.

If you need to view or export all the data, you could do it through Search, by clicking “view all [total number]” or “view first 10K”, if there are more than 10K of rows being returned. In the latter case, it is highly advisable to apply additional search or filtering criteria to reduce the volume of data, which we will cover here shortly.

Adjusting Card Display

Within a session you can resize cards, reorder or hide columns, and filter or sort data. These changes reset on page refresh — they do not persist across sessions.

Each card also has a time range selector (default: 24 hours, options from 1 hour to 30 days).

For persistent customization, hover over a card and click Run in Search to open the underlying query in Search, where you can modify it and save it as a custom dashboard card.

Data Grouping

In addition to filtering and sorting the data within the card, some dashboard cards allow grouping the data into summary rows by column values. By default, several cards have been selected by Spyderbat analysts to have Grouping feature enabled and all data grouped based on the specific criteria called out in the first column:

You can expand a select grouping by clicking on the accordion symbol:

If you turn off grouping by moving the slider on the right from “Grouping Enabled” to “Grouping Disabled”, all rows will be displayed in an unsorted order.

When “Grouping Enabled” is on, you can also apply nested grouping options based on the values within other columns, by clicking the ellipsis (three vertical dots), on the column which values you wish to use for the nested rows grouping, and select “Group by [column name]”:

To remove nested grouping, you will have to follow the same steps and choose “Stop Grouping by [column name]” from the drop down. To remove all grouping, just flip the “Grouping Enabled” slider to “Grouping Disabled”:

From Dashboards to Investigation

Besides offering you extensive observability options and holistic view of your security posture, Dashboard cards allow you to easily segway into investigating any suspicious or simply interesting activity in your monitored environment. All you need to do to start an investigation is select one or more rows in one or multiple dashboard cards and click “Start Investigation”.

Clicking the X in the “Start Investigation” pop-up, will automatically deselect all rows.

At any time during your investigation you can go back to the dashboards section to add more items to your existing investigation or start a brand new investigation:

If you choose to start a new investigation, the existing open investigation will get overwritten, unless you save an Investigation Link.

If you are focusing your investigation on K8s assets and inventory, rather than processes, the system will prompt you to run a K8s investigation.