search
Knowledge BaseRelease NotesRequest Demo

Custom Dashboards (Beta)

Build custom dashboards to visualize and track important data in Panther

hashtag
Overview

circle-info

Custom dashboards are in open beta starting with Panther version 1.112, and are available to all customers. Please share any bug reports and feature requests with your Panther support team.

Custom dashboards in Panther allow you to group data visualizations that provide insights tailored to your organization's needs. You can customize each dashboard to display key metrics, such as data ingest volume, alert volume, and any other trends you'd like to monitor at a glance.

A custom dashboard is made up of one or more visualizations, or "widgets." Each visualization is generated from a PantherFlow query using the visualize operator. After you create a dashboard, you can apply filters on all visualizations.

Learn how to build a custom dashboard, access your custom dashboards, and more, below.

Under a header reading "My custom dashboard" are six rectangles of various sizes. Each one contains a chart—one is a line chart and the five others are bar charts. Each chart has a name, e.g., "Number of alerts per severity, processed per month"

hashtag
Creating a custom dashboard and adding visualizations

To build a custom dashboard, first you will create the dashboard, then you will add one or more visualizations.

hashtag
Creating a custom dashboard

You can create a custom dashboard in the Panther Console from either the Dashboard or Search page.

Creating a custom dashboard from the Dashboard page

  1. In the left-hand navigation bar of your Panther Console, click Dashboard.

    • This is the landing page when logging into the Panther Console.

  2. To create a dashboard, either:

    • Hover over the name of the currently displayed dashboard, then click +. To the right of an "Overview" header, a plus sign is circled. Its tooltip reads "Add New Dashboard"

    • Click the name of the currently displayed dashboard, then click + New Dashboard. Under a header reading "Overview" a "+ New Dashboard" button is circled.

  3. Now that your new dashboard exists, you can add one or more visualization widgets and update the name and/or emoji of the dashboard.

hashtag
Adding a visualization to a custom dashboard

After you have created a custom dashboard, you can add a visualization widget to it. You can only add visualizations to dashboards you created.

  1. In the left-hand navigation bar of your Panther Console, click Investigate > Search.

  2. Run a PantherFlow search that uses the visualize operator.

  3. In the top-right corner of the resulting visualization, click the three dots icon, then + Add to dashboard.... An arrow is drawn from a three-dots icon to a button reading "+ Add to dashboard..."

  4. Select the name of the custom dashboard you'd like to add the visualization to.

    • The visualization is added to the custom dashboard. In the notification displayed in the lower-left corner of the screen, click Go to dashboard to view the dashboard. A "Go to dashboard" button is circled.

circle-info

If the custom dashboard you add your visualization to has filters, they will be inserted into to your PantherFlow query when it is added to the dashboard.

hashtag
Viewing a custom dashboard and its PantherFlow queries

A dashboard is made up of one or more visualizations, each powered by a PantherFlow query.

hashtag
Viewing a custom dashboard

To view a custom dashboard in your Panther Console:

  1. In the left-hand navigation bar of your Panther Console, click Dashboards.

    • This is the landing page when logging into the Panther Console.

  2. In the upper-left corner, click Overview.

  3. Under Custom Dashboards, select the dashboard you'd like to view.

hashtag
Viewing a visualization's PantherFlow query

It may be helpful to see the PantherFlow query underlying a visualization widget. You can view the query in the Edit modal or in Search:

hashtag
Viewing a visualization's PantherFlow query in the Edit modal

  1. In the upper right-hand corner of the visualization widget for which you'd like to view the PantherFlow query, click the three dots icon.

  2. Click Edit visualization settings.

  • On the Edit visualization settings pop-up modal, in the left-side panel, click the down arrow icon to expand and view the PantherFlow query.

hashtag
Updating a custom dashboard

Once you have created a custom dashboard, you can update its name or emoji. Once you have added visualization widgets to the dashboard, you can edit them as well as reposition and resize them.

You can only update custom dashboards you created.

hashtag
Editing a visualization

You can edit a visualization widget from a custom dashboard you created.

To edit a visualization widget in a custom dashboard:

  1. View the custom dashboard containing the visualization widget you'd like to edit.

  2. In the top-right corner of the visualization widget you'd like to edit, click the three dots icon.

  3. Click Edit visualization settings.

  4. Make desired updates in the Edit visualization settings pop-up modal.

    • If you'd like to update attributes of the visualization (such as the chart title or orientation), follow either the Using form or Using PantherFlow instructions below.

    • If you'd like to update the PantherFlow query underlying the visualization outside of the visualize operator annotations (e.g., you'd like to add a where clause), follow the Using PantherFlow instructions below.

To update a visualization widget using the form:

  1. On the left-hand side of the Edit visualization settings pop-up modal, update the visualization form field values as desired.

    Under an "Edit visualization settings" header, a form with various fields (including "Chart Type" and "Orientation") is circled.

    • Updates to form field values are reflected in the PantherFlow query above (visible by clicking the down arrow icon: Arrow pointing downward enclosed in a circle.).

    • The form fields reflect the PantherFlow visualize annotations, and include:

      • In the Data section:

        • Chart Type: Select Bar chart, Line chart, or Table chart.

        • (If Chart Type is Bar chart or Line chart) Y-axis: Select the field you'd like to be represented on the vertical axis. (Select Auto-detect to allow Panther to infer the value based on your query.)

        • (If Chart Type is Bar chart or Line chart) X-axis: Select the field you'd like to be represented on the horizontal axis. (Select Auto-detect to allow Panther to infer the value based on your query.)

        • (If Chart Type is Bar chart or Line chart) Series: Select the field you'd like to use to group the data. (Select Auto-detect to allow Panther to infer the value based on your query.)

      • (If Chart Type is Bar chart or Line chart) In the Appearance section:

        • Orientation: Select an icon to indicate the direction of the bars.

          • Orientation can only be altered if Y-axis and X-axis are both set to Auto-detect.

        • Show legend: Toggle On or Off depending on whether the visualization should have a legend.

        • (If Show legend is On) Legend Position: Select a value for the legend's placement.

      • In the Labels section:

        • Visualization Title: Enter a title for the visualization.

  2. Click Save Changes to update the visualization widget or Cancel to discard your edits.

hashtag
Updating the name or emoji of a custom dashboard

  1. View the custom dashboard you'd like to update.

  2. Hover over the title of the dashboard, then click the pencil (Edit Title) icon. A pencil icon is circled. Its tooltip reads "Edit Title."

  3. Update the Dashboard Name value and/or select a new emoji.

  4. Click the check mark icon to save your changes, or the X icon to discard your changes. An X and a check mark are next to one another and are both circled.

hashtag
Customizing the layout of a custom dashboard

You can adjust both the size and position of each visualization widget in a custom dashboard. Changes made to widget size and position will be saved automatically after changes have stopped for a short period of time. You can only customize the layout of dashboards you created.

hashtag
Resizing a visualization widget

To change the size of a widget:

  1. Hover over the lower right-hand corner of a widget.

  2. Click and drag the corner to resize the widget to the desired size.

hashtag
Repositioning a visualization widget

To change the position of a widget:

  1. Hover over the widget's title.

  2. Click and drag the widget to its new location within the dashboard.

hashtag
Deleting a custom dashboard or its visualizations

hashtag
Deleting a custom dashboard

Once a dashboard is deleted, it will not appear in any dashboard lists. You can only delete dashboards you created. If you only need to delete a visualization from a dashboard (and not the entire dashboard as a whole), see Deleting a visualization in a custom dashboard, below.

To delete a custom dashboard:

  1. View the custom dashboard you'd like to delete.

  2. Once the selected dashboard is loaded, hover over its title, then click the trash can icon. A trash can icon is circled. Its icon reads "Delete Dashboard."

  3. In the Delete Dashboard? pop-up modal, click Confirm.

    • The dashboard will be deleted and a confirmation notification will be displayed in the lower left-hand corner of the Console window.

    • To revert the deletion, in the confirmation notification, click Undo. An "Undo" button is circled.

hashtag
Deleting a visualization in a custom dashboard

You can only delete a visualization widget from a custom dashboard you created.

To delete a visualization widget from a custom dashboard:

  1. View the custom dashboard containing the visualization widget you'd like to remove.

  2. In the top-right corner of the visualization widget you'd like to remove, click the three dots icon.

  3. Click Remove visualization.

    An arrow is drawn from a three-dots icon to a "Remove visualization" button.

hashtag
Limitations of custom dashboards

Custom dashboards currently have the following limitations:

  • Your Panther instance can store up to 1,000 custom dashboards.

hashtag
Dashboard filters and variables

You can add filters to your custom dashboard, which allow you and others viewing your dashboard to drill down on certain fields across all visualizations.

  • Dashboard filters:

    • Apply to all visualization widgets on your custom dashboard (though you can manually exclude certain visualization widgets from a filter)

      • Panther applies the filter by inserting a where clause in the PantherFlow statements underlying all visualization widgets on the dashboard

    • Create dashboard variables

  • Dashboard variables:

    • Are created when a filter is created, and are used in the where clauses Panther appends to each visualization widget's underlying PantherFlow

    • Can be used in custom PantherFlow clauses (outside the where clauses Panther auto-adds)

hashtag
Creating a dashboard filter and variable

You can only add filters to custom dashboards you own (though anyone viewing your dashboard can provide values).

To add a filter to a custom dashboard:

  1. View the custom dashboard you'd like to apply a filter on.

  2. Under the dashboard title, click Add Filter.

  1. In the dropdown, search for and select a field you'd like to filter on. Adding this filter (even before entering any values):

  1. Add values to the filter—see Providing values to a filter/variable to learn about how to enter values depending on the data type of the field you're filtering on.

    • Adding values doesn't change the visualization widgets' underlying PantherFlow; it only changes the value of the variable that's already been added in a where clause.

hashtag
Providing values to a filter and variable

Creating a dashboard filter creates a variable, which is used in a where clause inserted in each visualization widget and able to be used in custom clauses. You can then provide values to the variable.

How you enter filter values depends on the data type of the field you're filtering on:

hashtag
Providing values to a string filter/variable

  1. Click the filter.

  2. If the value you'd like to filter on is available in the dropdown, click its checkbox.

    • The dropdown options do not represent all available options—they are some of the values of the field that are currently found in the data set.

    • If you update the Date Range filter value, the data set will be refreshed, and the options may change.

    • You can also enter custom values:

For string fields, a where clause like the following will be added to the PantherFlow query underlying each visualization widget (in this example, we are using p_alert_severity):

hashtag
Excluding a visualization widget from a filter

When a filter is created, it's automatically added to every visualization widget in the custom dashboard. If you prefer a certain visualization not be filtered:

hashtag
Using a variable in a custom PantherFlow clause

After you've created a variable (by creating a filter) and provided it a value, you may want to use it in custom clauses in the PantherFlow underlying a visualization.

  1. Follow the steps in Editing a visualization to access a visualization widget's PantherFlow editor.

  2. Modify the PantherFlow using the variable.

hashtag
Resetting a filter and variable value

  • To reset a dashboard variable's value, click the filter, then click Clear.

    • It's not possible to reset the value of a time filter.

hashtag
Deleting a dashboard filter and variable

When you delete a filter from a custom dashboard, you also delete the variable(s) it created.

To remove a dashboard filter and its related variable(s):

  1. Click Add Filter.

  2. Uncheck the field you'd like to remove.

    • There where clause added to the underlying PantherFlow queries of each visualization will be removed.

circle-exclamation

When you delete a filter:

  • If you've modified the where clause Panther inserted when you created a filter, Panther may not be able to properly remove it—you may have to do so manually.

  • If you've used the variable in any custom PantherFlow clauses, Panther will not remove them—you must do so manually.

PreviousVisualization and DashboardsNextPanther-Managed Dashboards

Last updated

Was this helpful?