Panther Console Dashboard

Use the Panther Console overview dashboard to quickly identify and act on alerts
The Panther Console's overview dashboard lets you quickly identify trends and act on threats. The dashboard includes key alert metrics and actionable environment information.

Using the overview dashboard

The overview dashboard is the first page you'll see when you log in to the Panther Console. To access it from a different area of the Console, click Dashboard > Overview in the left sidebar menu.
Use the date range picker in the upper right corner of the page to set a time range for all charts in the dashboard. This filter defaults to showing the last week.
Each chart contains clickable metrics and/or actions, which you can follow to dig deeper into an alert.
The tiles in the upper section of the overview dashboard, such as Open Unassigned Alerts by Severity and Alerts by Severity and Status, include information that your team may need to address urgently. Additional tiles contain information that can inform proactive investments in your Panther instance.

Open Unassigned Alerts by Severity

This chart helps answer the question, "Am I under attack?"
  • View a list of all open alerts that have not yet been assigned to a user, grouped by severity, within the specified time range.
  • Click on a bar in the graph to see a list of the specific alerts at that severity level.
  • Click on a severity level to filter it in and out of your chart view.
  • Click Triage Alerts in the upper right corner to take further action.

Alerts by Severity and Status

This table helps answer the question, "How severe is the attack?"
  • View a list of all alerts, broken down by severity and status, within the specified time range.
  • Click on numbers in the grid to see a list of the specific alerts at that severity level and status.
  • This chart can help visualize how your team is working through alerts.

My Assigned Alerts

This tile helps answer the question, "What have I been assigned to help mitigate the attack?"
  • View a list of all alerts that have been assigned to you within the specified time range.

Alert Total Over Time By Severity

This tile helps answer the questions, "When did the attack occur? Is it still happening?"
  • View the total number of alerts over the specified time range, by severity.
  • Click the severity levels on the left of the chart to filter them in and out.
  • Use the slider at the bottom of the chart to alter the duration of time shown.
  • Current Period is the time range designated by the date picker in the upper right corner of the page. Previous Period is the same duration of time, directly before the Current Period.

Alerts By Log Type

This chart helps answer the question, "Where is the attack coming from?"
  • View the log types associated with the most alerts, within the specified time range.

Alerts by Detection

This chart helps answer the question, "Is this just noise?"
  • View the detections triggering the most alerts, within the specified time range.
  • This can help you determine which detections may need to be tuned to decrease unnecessary noise.

Ingestion by Log Source

This chart helps answer the question, "Are my data sources functioning as expected?"
  • View the amount of data your Panther account has ingested within the specified time range, by log source.
  • Use the slider at the bottom of the chart to alter the duration of time shown.
  • Click Reset to switch from Logarithmic to Linear view, and/or to reset the slider. Note that this button does not reset the selected Interval or overall date/time range.