
Introduction to Crystal Eye XDR Dashboards

Overview


The Crystal Eye XDR has a dedicated module for an array of cybersecurity dashboards displaying real-time data about the security of the organisational network and internal systems. These dashboards are designed to provide a 360-degree view of the network and provide detailed insights from a threat perspective.

Crystal Eye XDR's security dashboard displays the anomalies detected in the network and extends this with a manual response capability through its built-in escalation system. Once an escalation has been made, Red Piranha's Security Operations Team is notified and takes the required actions, putting human-machine teaming into practice.

Important

The CE XDR offers three types of dashboards, namely the System Dashboard, the Security Dashboard and the Threat Dashboard.

The user interface of these dashboards allows the creation of custom widgets, so that monitoring can be tailored to explicit organisational requirements. The system access control policies can be fine-tuned to give internal teams read-only access to these dashboards.

Crystal Eye XDR Threat Dashboard


Total Threat Detections in the network: This metric shows the total number of threats detected in the network.

Total Number of Devices with Detections: This metric provides an overview of the total number of devices on which threats were detected.

Total Number of External IPs Detected: Once an attacker has infiltrated the network and infected a system, the next step is typically to establish contact with a C&C (command and control) server. In such cases, malicious external IP addresses are one of the most obvious indicators of compromise (IOCs) in the logs displayed by the threat hunt dashboard.

Know the Alerts Over Time: The "Alert Over Time" graph shows the number of alerts against the selected interval of time.

Know the Top Alerting Devices: The CE XDR's IDPS module has extended capabilities to trigger alerts for possible attacks in the network based on indicators of compromise (IOCs). These alerts are further processed and the traffic is blocked or allowed according to the pre-defined IDPS ruleset developed by Red Piranha's Security Operations Team. A dedicated metric in the threat dashboard reflects the device name, the username associated with the device, and the total malware count found on the device, indicating for each whether it was allowed or blocked.

Know the Top Alerting Countries: This is a useful metric that allows the monitoring team to know the top 10 countries from where the alerts originated.

Know the Top 10 Malware Detected in the Network: This metric gives a brief overview of the names of the malware found in the CE XDR network and the total count of each in the network.

Know the Top SIDs Triggered in the Network: These are the top IDPS signature identifiers (SIDs) that have been triggered in the network, giving a brief overview of the types of possible anomalies detected.
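To make the threat-dashboard metrics above concrete, the following added example (not Crystal Eye code; the alert records are constructed and the field layout is an assumption) computes "Alerts Over Time", "Top Alerting Devices" with allowed/blocked counts, "Top Alerting Countries" and "Top SIDs" from a handful of sample IDPS alerts:

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts, not Crystal Eye log output. Assumed layout:
# (timestamp, device, username, source country, signature ID, action).
SAMPLE_ALERTS = [
    ("2024-05-01T09:02:11", "ws-finance-01", "alice", "US", 2024001, "blocked"),
    ("2024-05-01T09:07:45", "ws-finance-01", "alice", "CN", 2024001, "blocked"),
    ("2024-05-01T09:19:30", "srv-web-02",    "svc",   "RU", 2010937, "allowed"),
    ("2024-05-01T09:41:02", "ws-hr-03",      "bob",   "CN", 2024001, "blocked"),
    ("2024-05-01T10:05:58", "srv-web-02",    "svc",   "US", 2019401, "blocked"),
    ("2024-05-01T10:33:17", "ws-finance-01", "alice", "RU", 2010937, "allowed"),
]

def alerts_over_time(alerts, interval_minutes=30):
    """Count alerts per fixed-width time bucket (the 'Alert Over Time' graph)."""
    width = timedelta(minutes=interval_minutes)
    epoch = datetime(1970, 1, 1)
    buckets = Counter()
    for ts, *_ in alerts:
        t = datetime.fromisoformat(ts)
        # Floor the timestamp to the start of its bucket.
        start = epoch + ((t - epoch) // width) * width
        buckets[start.isoformat()] += 1
    return dict(sorted(buckets.items()))

def top_alerting_devices(alerts, n=10):
    """Per device: associated user plus allowed/blocked counts, busiest first."""
    stats = defaultdict(lambda: {"user": None, "allowed": 0, "blocked": 0})
    for _, device, user, _, _, action in alerts:
        stats[device]["user"] = user
        stats[device][action] += 1
    ranked = sorted(stats.items(),
                    key=lambda kv: -(kv[1]["allowed"] + kv[1]["blocked"]))
    return [(d, s["user"], s["allowed"], s["blocked"]) for d, s in ranked[:n]]

def top_n(alerts, field_index, n=10):
    """Top-N by a single field: countries are index 3, SIDs are index 4."""
    return Counter(a[field_index] for a in alerts).most_common(n)

if __name__ == "__main__":
    print(alerts_over_time(SAMPLE_ALERTS))
    print(top_alerting_devices(SAMPLE_ALERTS))
    print("countries:", top_n(SAMPLE_ALERTS, 3), "sids:", top_n(SAMPLE_ALERTS, 4))
```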

Network Threat Hunting: This dashboard is designed to provide detailed insights on the network activity, protocol activity and application activity in the network.

View AV Alerts: This section of the threat dashboard lists the AV alerts triggered over a period of time. Some of the useful fields displayed for each AV alert are the username (associated with the affected device), the source IP address (IP address of the affected device), the malicious URL that was clicked or accessed, and the reason why the AV module of the CE XDR blocked access.

View Escalated AV Alerts & Gateway Scan Alerts: The Crystal Eye XDR allows the monitoring team to escalate AV alerts and gateway scan alerts to Red Piranha's Security Operations Team. These alerts can also be exported in PDF and JSON report format.

View Escalated IDPS Alerts: The Crystal Eye XDR allows the monitoring team to escalate IDPS alerts to Red Piranha's Security Operations Team. These alerts can also be exported in PDF and JSON report format.

Active Session Tracking: The Active Session dashboard helps in tracking bandwidth usage by network interfaces and provides real-time data related to active network sessions established by end-clients in the Crystal Eye XDR network.

Crystal Eye XDR System Dashboard


The System Dashboard of CE provides a quick glimpse of information related to LAN Interface, WAN Interface, Process CPU Usage, Process Memory Usage, App Status, Events – Last 24 Hours, Shutdown/Restart, Users and Groups, Disk Usage and Recent Software Activity.

Know the extent of data packets received and transmitted on the LAN and WAN: This information can be viewed in two widgets, namely the Network LAN Interface Report and the Network External Interface Report. These graphical reports help CE XDR administrators detect a sudden spike in the data packets received and transmitted on the LAN, WAN and Wi-Fi interfaces. The CE XDR administrator can retrieve packet data for these interfaces for a time period of up to 3 months in this report.

Monitor the CPU Usage of the Crystal Eye XDR: The Process CPU Usage widget shows the CPU usage percentage of the Crystal Eye XDR over time as well as its current value. The CE XDR administrator can retrieve CPU usage data for the Crystal Eye appliance for a time period of up to 3 months.

Monitor the Process Memory Usage details of the Crystal Eye XDR: The Process Memory Usage widget shows the memory usage percentage of the Crystal Eye XDR over time as well as its current value. The CE XDR administrator can retrieve memory usage data for a time period of up to 3 months.

Monitor the running status of major applications of CE XDR: This widget provides real-time information on whether the major applications of the Crystal Eye XDR are running.

Monitor the latest event notifications of the Crystal Eye XDR: The CE XDR administrator can easily view the latest event notifications. The types of events recorded by the Crystal Eye XDR are Informational Events, Warning Events and Critical Events.

Restarting and shutting down the CE XDR is a click away: The CE XDR administrator can shut down and restart the Crystal Eye XDR with a single click.

Adding New Crystal Eye Users and Groups: This widget can be used as a shortcut method to quickly create Users and Groups. It also has a monitoring panel where the CE XDR administrator can know the number of users and groups created in the CE XDR.

Monitor the Disk Usage: This widget can be used for periodic monitoring of the disk space used on the Crystal Eye appliance. Excessive disk usage can hamper the performance of the Crystal Eye XDR, so it is important to check the extent of disk usage on the CE XDR.

View the most recent software activity: The CE administrator can monitor the latest updates to all applications, the version each was updated to, and the timestamp of the update.

Crystal Eye XDR Security Dashboard


The Crystal Eye XDR's Security Dashboard provides a 360-degree view of the various security-related alerts derived from attacks directed at the Crystal Eye XDR network. The security dashboard provides real-time information on the activities that have been banned in the CE XDR network, with visuals showing the attacking IP and the country from which it originated.

View and Unban the IPs Banned By Crystal Eye XDR's Forcefield: The CE XDR has an excellent mechanism that bans IP addresses that have exceeded the authentication failure threshold. The list of these banned IP addresses is displayed in the IP Attack Map.

Global map displaying different types of attacks targeted towards Crystal Eye: The CE administrator can view the different types of attacks targeted towards Crystal Eye. The attacks and the countries from which they originate are displayed on the world map.
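The Forcefield behaviour described above (ban a source once its authentication failures exceed a threshold, and let an administrator unban it) can be illustrated with the following added example; it is not Crystal Eye code, the log line format and the default threshold, window and ban duration are assumptions, and the log lines are constructed:

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed auth-failure log lines (made up for this example, not Crystal Eye output).
SAMPLE_AUTH_LOG = """\
2024-05-01T09:00:01 sshd auth failure user=root src=203.0.113.7
2024-05-01T09:00:04 sshd auth failure user=admin src=203.0.113.7
2024-05-01T09:00:09 sshd auth failure user=root src=203.0.113.7
2024-05-01T09:00:15 sshd auth failure user=test src=203.0.113.7
2024-05-01T09:00:20 sshd auth failure user=root src=203.0.113.7
2024-05-01T09:01:00 sshd auth failure user=alice src=198.51.100.4
2024-05-01T09:30:00 sshd auth failure user=alice src=198.51.100.4
"""
LINE_RE = re.compile(r"^(\S+) \S+ auth failure user=\S+ src=(\S+)$")

class FailureBanList:
    """Ban an IP after `threshold` failures inside a sliding window of
    `window_seconds`; bans expire after `ban_seconds` or on manual unban."""
    def __init__(self, threshold=5, window_seconds=600, ban_seconds=3600):
        self.threshold, self.window, self.ban_for = threshold, window_seconds, ban_seconds
        self.failures = defaultdict(deque)   # ip -> failure timestamps in window
        self.banned = {}                     # ip -> ban expiry (epoch seconds)

    def record_failure(self, ip, now):
        q = self.failures[ip]
        q.append(now)
        while q and now - q[0] > self.window:  # drop failures outside the window
            q.popleft()
        if len(q) >= self.threshold and not self.is_banned(ip, now):
            self.banned[ip] = now + self.ban_for
            q.clear()
        return self.is_banned(ip, now)

    def is_banned(self, ip, now):
        expiry = self.banned.get(ip)
        if expiry is not None and now >= expiry:
            del self.banned[ip]              # ban has aged out
            return False
        return expiry is not None

    def unban(self, ip):
        """Manual unban, as the dashboard widget offers. Returns True if it was banned."""
        return self.banned.pop(ip, None) is not None

    def banned_ips(self, now):
        return sorted(ip for ip in list(self.banned) if self.is_banned(ip, now))

def replay_auth_log(text, **kwargs):
    """Feed every parsable line to a FailureBanList; returns (ban list, banned IPs)."""
    fb, last = FailureBanList(**kwargs), 0.0
    for m in filter(None, map(LINE_RE.match, text.splitlines())):
        last = datetime.fromisoformat(m.group(1)).timestamp()
        fb.record_failure(m.group(2), last)
    return fb, fb.banned_ips(last)
```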

Know the size of the data transferred using a particular protocol: The traffic size or the size of the data transferred using a particular protocol is displayed (for example: SSL protocol – 119 MB).

Know the traffic size sent and received by a device on the CE XDR network: The data transferred and received by each device connected to the CE XDR network is recorded and displayed, with the device name clearly shown alongside the traffic size in MB.

Get real-time IDPS Alerts Report: One of the most informative features of the security dashboard is its ability to provide real-time IDPS reports. The information displayed here helps CE XDR administrators learn more about the attacks targeted towards the CE XDR from various locations across the world, in the form of IDPS alerts. As soon as an attack is detected by the CE XDR, it displays the Timestamp, Source IP, Destination IP, Country Name, Region Name, Attack Description and so on.

Examining and evaluating files in transit in real time for malware and viruses: Crystal Eye XDR uses a combination of signature and heuristic analysis to classify files, detecting and automatically blocking malicious files to prevent the network from being infected.

Monitoring IDPS Statistics: Crystal Eye’s IDPS statistics can be constantly observed in the security dashboard. The Statistics report is displayed in the form of a visual graphic widget that shows the total number of IDPS related alerts, netflow events, DNS requests, SSH connections and top alerts rule SID triggered on a particular day and at a particular time.

Real-time updates on the download size and upload size of data for devices connected to the CE network: Detecting anomalies in the Crystal Eye XDR network becomes easier when the CE administrator can see the amount of data downloaded and uploaded by each device in the Crystal Eye XDR network.

View the devices categorised under various device types in the CE network: This feature reduces the administrative workload of a system administrator by listing devices according to their device type.

Analyse protocols used in the CE XDR network: Get a 360-degree view of the various protocols used in the CE XDR network and measure the traffic size attributed to each protocol.