Custom Dashboards (Beta)
Build custom dashboards to visualize and track important data in Panther
Last updated
Was this helpful?
Build custom dashboards to visualize and track important data in Panther
Last updated
Was this helpful?
Custom dashboards are in open beta starting with Panther version 1.112, and are available to all customers. Please share any bug reports and feature requests with your Panther support team.
Custom dashboards in Panther allow you to group data visualizations that provide insights tailored to your organization's needs. You can customize each dashboard to display key metrics, such as data ingest volume, alert volume, and any other trends you'd like to monitor at a glance.
A custom dashboard is made up of one or more visualizations, or "widgets." Each visualization is generated from a PantherFlow query using the visualize operator.
Learn how to build a custom dashboard, access your custom dashboards, and more, below.
To build a custom dashboard, first you will create the dashboard, then you will add one or more visualizations.
You can create a custom dashboard in the Panther Console from either the Dashboard or Search page.
In the left-hand navigation bar of your Panther Console, click Dashboard.
This is the landing page when logging into the Panther Console.
To create a dashboard, either:
Now that your new dashboard exists, you can add one or more visualization widgets and update the name and/or emoji of the dashboard.
After you have created a custom dashboard, you can add a visualization widget to it. You can only add visualizations to dashboards you created.
In the left-hand navigation bar of your Panther Console, click Investigate > Search.
Run a PantherFlow search that uses the visualize operator.
Select the name of the custom dashboard you'd like to add the visualization to.
A dashboard is made up of one or more visualizations, each powered by a PantherFlow query.
To view a custom dashboard in your Panther Console:
In the left-hand navigation bar of your Panther Console, click Dashboard.
This is the landing page when logging into the Panther Console.
In the upper-left corner, click Overview.
It may be helpful to see the PantherFlow query underlying a visualization widget.
To see the related PantherFlow query:
In the upper right-hand corner of the visualization widget for which you'd like to view the PantherFlow query, click the three dots icon.
Click Go to PantherFlow query.
You will be redirected to Search and the associated PantherFlow query will load and execute.
Editing a visualization's underlying PantherFlow query in Search will not update the visualization on your dashboard. To edit a visualization in your dashboard, see Editing a visualization below.
Once you have created a custom dashboard, you can update its name or emoji. Once you have added visualization widgets to the dashboard, you can edit them as well as reposition and resize them.
You can only update custom dashboards you created.
You can edit a visualization widget from a custom dashboard you created.
To edit a visualization widget from a custom dashboard:
View the custom dashboard containing the visualization widget you'd like to edit.
In the top-right corner of the visualization widget you'd like to edit, click the three dots icon.
Click Edit visualization settings.
Make desired updates in the Edit visualization settings pop-up modal.
If you'd like to update attributes of the visualization (such as the chart title or orientation), follow either the Using form or Using PantherFlow instructions below.
If you'd like to update the PantherFlow query underlying the visualization outside of the visualize operator annotations (e.g., you'd like to add a where clause), follow the Using PantherFlow instructions below.
To update a visualization widget using the form:
On the left-hand side of the Edit visualization settings pop-up modal, update the visualization form field values as desired.
The form fields reflect the PantherFlow visualize annotations, and include:
In the Data section:
Chart Type: Select Bar chart or Line chart.
Y-axis: Select the field you'd like to be represented on the vertical axis. (Select Auto-detect to allow Panther to infer the value based on your query.)
X-axis: Select the field you'd like to be represented on the horizontal axis. (Select Auto-detect to allow Panther to infer the value based on your query.)
Series: Select the field you'd like to use to group the data. (Select Auto-detect to allow Panther to infer the value based on your query.)
In the Appearance section:
(If Chart Type is Bar chart) Orientation: Select an icon to indicate the direction of the bars.
Orientation can only be altered if Y-axis and X-axis are both set to Auto-detect.
Show legend: Toggle On or Off depending on whether the visualization should have a legend.
(If Show legend is On) Legend Position: Select a value for the legend's placement.
In the Labels section:
Visualization Title: Enter a title for the visualization.
Click Save Changes to update the visualization widget or Cancel to discard your edits.
View the custom dashboard you'd like to update.
Update the Dashboard Name value and/or select a new emoji.
You can adjust both the size and position of each visualization widget in a custom dashboard. Changes made to widget size and position will be saved automatically after changes have stopped for a short period of time. You can only customize the layout of dashboards you created.
To change the size of a widget:
Hover over the lower right-hand corner of a widget.
Click and drag the corner to resize the widget to the desired size.
To change the position of a widget:
Hover over the widget's title.
Click and drag the widget to its new location within the dashboard.
Once a dashboard is deleted, it will not appear in any dashboard lists. You can only delete dashboards you created. If you only need to delete a visualization from a dashboard (and not the entire dashboard as a whole), see Deleting a visualization in a custom dashboard, below.
To delete a custom dashboard:
View the custom dashboard you'd like to delete.
In the Delete Dashboard? pop-up modal, click Confirm.
The dashboard will be deleted and a confirmation notification will be displayed in the lower left-hand corner of the Console window.
You can only delete a visualization widget from a custom dashboard you created.
To delete a visualization widget from a custom dashboard:
View the custom dashboard containing the visualization widget you'd like to remove.
In the top-right corner of the visualization widget you'd like to remove, click the three dots icon.
Click Remove visualization.
Custom dashboards currently have the following limitations:
Your Panther instance can store up to 1,000 custom dashboards.
Hover over the name of the currently displayed dashboard, then click +.
Click the name of the currently displayed dashboard, then click + New Dashboard.
In the top-right corner of the resulting visualization, click the three dots icon, then + Add to dashboard....
A new custom dashboard is created, and this visualization is added to it. In the notification displayed in the lower-left corner of the screen, click Go to dashboard to view the new dashboard.
In the top-right corner of the resulting visualization, click the three dots icon, then + Add to dashboard....
The visualization is added to the custom dashboard. In the notification displayed in the lower-left corner of the screen, click Go to dashboard to view the dashboard.
Under Custom Dashboards, select the dashboard you'd like to view.
Updates to form field values are reflected in the PantherFlow query above (visible by clicking the down arrow icon: ).
On the left-hand side of the Edit visualization settings pop-up modal, click the down arrow icon to expand the PantherFlow query and enter edit mode.
Updates made to the visualize operator will be reflected in the modal form (visible by clicking the up arrow icon: ).
Hover over the title of the dashboard, then click the pencil (Edit Title) icon.
Click the check mark icon to save your changes, or the X icon to discard your changes.
Once the selected dashboard is loaded, hover over its title, then click the trash can icon.
To revert the deletion, in the confirmation notification, click Undo.
