Custom Dashboards (Beta)

Build custom dashboards to visualize and track important data in Panther

Overview

Custom dashboards are in open beta starting with Panther version 1.112, and are available to all customers. Please share any bug reports and feature requests with your Panther support team.

Custom dashboards in Panther allow you to group data visualizations that provide insights tailored to your organization's needs. You can customize each dashboard to display key metrics, such as data ingest volume, alert volume, and any other trends you'd like to monitor at a glance.

A custom dashboard is made up of one or more visualizations, or "widgets." Each visualization is generated from a PantherFlow query using the visualize operator.

Learn how to build a custom dashboard, access your custom dashboards, and more, below.

Under a header reading "My custom dashboard" are six rectangles of various sizes. Each one contains a chart—one is a line chart and the five others are bar charts. Each chart has a name, e.g., "Number of alerts per severity, processed per month"

Creating a custom dashboard and adding visualizations

To build a custom dashboard, first you will create the dashboard, then you will add one or more visualizations.

Creating a custom dashboard

You can create a custom dashboard in the Panther Console from either the Dashboard or Search page.

Creating a custom dashboard from the Dashboard page

In the left-hand navigation bar of your Panther Console, click Dashboard.
- This is the landing page when logging into the Panther Console.
To create a dashboard, either:
- Hover over the name of the currently displayed dashboard, then click +.
- Click the name of the currently displayed dashboard, then click + New Dashboard.
Now that your new dashboard exists, you can add one or more visualization widgets and update the name and/or emoji of the dashboard.

Creating a custom dashboard from the Search page

This method of dashboard creation also adds the first visualization widget to the new dashboard.

In the left-hand navigation bar of your Panther Console, click Investigate > Search.
Run a PantherFlow search that uses the visualize operator.
- Learn more about how to run a PantherFlow query in Search here.
In the top-right corner of the resulting visualization, click the three dots icon, then + Add to dashboard....
Click + New dashboard.
- A new custom dashboard is created, and this visualization is added to it. In the notification displayed in the lower-left corner of the screen, click Go to dashboard to view the new dashboard.
- You can optionally update the name and/or emoji of the dashboard.

Adding a visualization to a custom dashboard

After you have created a custom dashboard, you can add a visualization widget to it. You can only add visualizations to dashboards you created.

In the left-hand navigation bar of your Panther Console, click Investigate > Search.
Run a PantherFlow search that uses the visualize operator.
- Learn more about how to run a PantherFlow query in Search here.
In the top-right corner of the resulting visualization, click the three dots icon, then + Add to dashboard....
Select the name of the custom dashboard you'd like to add the visualization to.
- The visualization is added to the custom dashboard. In the notification displayed in the lower-left corner of the screen, click Go to dashboard to view the dashboard.

Viewing a custom dashboard and its PantherFlow queries

A dashboard is made up of one or more visualizations, each powered by a PantherFlow query.

Viewing a custom dashboard

To view a custom dashboard in your Panther Console:

In the left-hand navigation bar of your Panther Console, click Dashboard.
- This is the landing page when logging into the Panther Console.
In the upper-left corner, click Overview.
Under Custom Dashboards, select the dashboard you'd like to view.

Viewing a visualization's PantherFlow query

It may be helpful to see the PantherFlow query underlying a visualization widget.

To see the related PantherFlow query:

In the upper right-hand corner of the visualization widget for which you'd like to view the PantherFlow query, click the three dots icon.
Click Go to PantherFlow query.

You will be redirected to Search and the associated PantherFlow query will load and execute.

Editing a visualization's underlying PantherFlow query in Search will not update the visualization on your dashboard. To edit a visualization in your dashboard, see Editing a visualization below.

Updating a custom dashboard

Once you have created a custom dashboard, you can update its name or emoji. Once you have added visualization widgets to the dashboard, you can edit them as well as reposition and resize them.

You can only update custom dashboards you created.

Editing a visualization

You can edit a visualization widget from a custom dashboard you created.

To edit a visualization widget in a custom dashboard:

View the custom dashboard containing the visualization widget you'd like to edit.
In the top-right corner of the visualization widget you'd like to edit, click the three dots icon.
Click Edit visualization settings.
Make desired updates in the Edit visualization settings pop-up modal.
- If you'd like to update attributes of the visualization (such as the chart title or orientation), follow either the Using form or Using PantherFlow instructions below.
- If you'd like to update the PantherFlow query underlying the visualization outside of the visualize operator annotations (e.g., you'd like to add a where clause), follow the Using PantherFlow instructions below.

To update a visualization widget using the form:

On the left-hand side of the Edit visualization settings pop-up modal, update the visualization form field values as desired.
- Updates to form field values are reflected in the PantherFlow query above (visible by clicking the down arrow icon: ).
- The form fields reflect the PantherFlow visualize annotations, and include:
  - In the Data section:
    Chart Type: Select Bar chart, Line chart, or Table chart.
    (If Chart Type is Bar chart or Line chart) Y-axis: Select the field you'd like to be represented on the vertical axis. (Select Auto-detect to allow Panther to infer the value based on your query.)
    (If Chart Type is Bar chart or Line chart) X-axis: Select the field you'd like to be represented on the horizontal axis. (Select Auto-detect to allow Panther to infer the value based on your query.)
    (If Chart Type is Bar chart or Line chart) Series: Select the field you'd like to use to group the data. (Select Auto-detect to allow Panther to infer the value based on your query.)
  - (If Chart Type is Bar chart or Line chart) In the Appearance section:
    Orientation: Select an icon to indicate the direction of the bars.
    Orientation can only be altered if Y-axis and X-axis are both set to Auto-detect.
    Show legend: Toggle On or Off depending on whether the visualization should have a legend.
    (If Show legend is On) Legend Position: Select a value for the legend's placement.
  - In the Labels section:
    Visualization Title: Enter a title for the visualization.
Click Save Changes to update the visualization widget or Cancel to discard your edits.

To update a visualization widget by editing its PantherFlow query:

On the left-hand side of the Edit visualization settings pop-up modal, click the down arrow icon to expand the PantherFlow query and enter edit mode.
Edit the query as desired.
- Updates made to the visualize operator will be reflected in the modal form (visible by clicking the up arrow icon: ).
Click Run Query to see how the visualization changes after your modification(s).
Click Save Changes to update the visualization widget or Cancel to discard your edits.

Updating the name or emoji of a custom dashboard

View the custom dashboard you'd like to update.
Hover over the title of the dashboard, then click the pencil (Edit Title) icon.
Update the Dashboard Name value and/or select a new emoji.
Click the check mark icon to save your changes, or the X icon to discard your changes.

Customizing the layout of a custom dashboard

You can adjust both the size and position of each visualization widget in a custom dashboard. Changes made to widget size and position will be saved automatically after changes have stopped for a short period of time. You can only customize the layout of dashboards you created.

To change the size of a widget:

Hover over the lower right-hand corner of a widget.
Click and drag the corner to resize the widget to the desired size.

To change the position of a widget:

Hover over the widget's title.
Click and drag the widget to its new location within the dashboard.

Deleting a custom dashboard or its visualizations

Deleting a custom dashboard

Once a dashboard is deleted, it will not appear in any dashboard lists. You can only delete dashboards you created. If you only need to delete a visualization from a dashboard (and not the entire dashboard as a whole), see Deleting a visualization in a custom dashboard, below.

To delete a custom dashboard:

View the custom dashboard you'd like to delete.
Once the selected dashboard is loaded, hover over its title, then click the trash can icon.
In the Delete Dashboard? pop-up modal, click Confirm.
- The dashboard will be deleted and a confirmation notification will be displayed in the lower left-hand corner of the Console window.
- To revert the deletion, in the confirmation notification, click Undo.

Deleting a visualization in a custom dashboard

You can only delete a visualization widget from a custom dashboard you created.

To delete a visualization widget from a custom dashboard:

View the custom dashboard containing the visualization widget you'd like to remove.
In the top-right corner of the visualization widget you'd like to remove, click the three dots icon.
Click Remove visualization.

Limitations of custom dashboards

Custom dashboards currently have the following limitations:

Your Panther instance can store up to 1,000 custom dashboards.

PreviousVisualization and Dashboards NextPanther-Managed Dashboards

Last updated 6 days ago

Was this helpful?