Panther-Managed Dashboards
Use the Panther Console overview dashboard to quickly identify and act on alerts
Last updated
Was this helpful?
Use the Panther Console overview dashboard to quickly identify and act on alerts
Last updated
Was this helpful?
There are four dashboards within the Panther Console Dashboards page:
Overview: Displays alert and log ingestion data, such as alert total over time by severity and volume of data ingestion by log source.
Learn more below, in .
Cloud Security: Visualizes data, such as the number of cloud resources failing policy checks.
Data: Visualizes log ingestion data, such as the volume of events processed and data latency by log type.
MITRE ATT&CK®: Visualizes coverage against MITRE ATT&CK® framework by mapping rules, policies and scheduled rules to reports.
Learn more on .
The Panther Console's overview dashboard lets you quickly identify trends and act on threats. The dashboard includes key alert metrics and actionable environment information.
The Overview dashboard is the first page you'll see when you log in to the Panther Console. To access it from a different area of the Console, click Dashboard > Overview in the left sidebar menu.
Use the date range picker in the upper right corner of the page to set a time range for all charts in the dashboard. This filter defaults to showing the last week.
Each chart contains clickable metrics and/or actions, which you can follow to dig deeper into an alert.
The tiles in the upper section of the overview dashboard, such as Open Unassigned Alerts by Severity and Alerts by Severity and Status, include information that your team may need to address urgently. Additional tiles contain information that can inform proactive investments in your Panther instance.
This chart helps answer the question, "Am I under attack?"
View a list of all open alerts that have not yet been assigned to a user, grouped by severity, within the specified time range.
Click on a bar in the graph to see a list of the specific alerts at that severity level.
Click on a severity level to filter it in and out of your chart view.
Click Triage Alerts in the upper right corner to take further action.
This table helps answer the question, "How severe is the attack?"
View a list of all alerts, broken down by severity and status, within the specified time range.
Click on numbers in the grid to see a list of the specific alerts at that severity level and status.
This chart can help visualize how your team is working through alerts.
This tile helps answer the question, "What have I been assigned to help mitigate the attack?"
View a list of all alerts that have been assigned to you within the specified time range.
This tile helps answer the questions, "When did the attack occur? Is it still happening?"
View the total number of alerts over the specified time range, by severity.
Click the severity levels on the left of the chart to filter them in and out.
Use the slider at the bottom of the chart to alter the duration of time shown.
Current Period is the time range designated by the date picker in the upper right corner of the page. Previous Period is the same duration of time, directly before the Current Period.
This chart helps answer the question, "Where is the attack coming from?"
View the log types associated with the most alerts, within the specified time range.
This chart helps answer the question, "Is this just noise?"
View the detections triggering the most alerts, within the specified time range.
This can help you determine which detections may need to be tuned to decrease unnecessary noise.
This chart helps answer the question, "Are my data sources functioning as expected?"
View the amount of data your Panther account has ingested within the specified time range, by log source.
Use the slider at the bottom of the chart to alter the duration of time shown.
Click Reset to switch from Logarithmic to Linear view, and/or to reset the slider. Note that this button does not reset the selected Interval or overall date/time range.
