nano SIEM
User Guide

Dashboards

Dashboards provide a powerful way to visualize and monitor your security data through customizable panels and charts. nano offers multiple ways to create dashboards, from manual creation to AI-powered generation.

Overview

Dashboards in nano are:

  • Interactive - Click on data points to drill down into detailed searches
  • Real-time - Auto-refresh capabilities with configurable intervals
  • Flexible - Drag-and-drop layout with resizable panels
  • Shareable - Public/private visibility controls and export/import functionality
  • Variable-driven - Dynamic filtering with dashboard-level variables

Creating Dashboards

Manual Creation

  1. Navigate to Dashboards

    • Go to Dashboards in the main navigation
    • Click "Create Dashboard"
  2. Configure Basic Settings

    • Name: Give your dashboard a descriptive name
    • Description: Optional description for context
    • Visibility: Choose between Private (only you) or Public (all users)
  3. Add Panels

    • Click "Edit" to enter edit mode
    • Use "Add Panel" to create new visualizations
    • Configure each panel's query, visualization type, and settings

AI-Powered Dashboard Generation

nano includes an AI wizard that can automatically generate dashboards based on your requirements:

  1. Start the AI Wizard

    • Click "Generate with AI" on the Dashboards page
    • Describe what you want to monitor using natural language
  2. AI Analysis

    • The AI analyzes your data sources and security requirements
    • Generates appropriate queries and visualization types
    • Creates a complete dashboard layout with relevant panels
  3. Review and Customize

    • Review the generated dashboard
    • Make adjustments as needed
    • Save and start using immediately

AI Prompting Best Practices

Be Specific About Your Use Case

❌ Poor: "Create a security dashboard"
✅ Good: "Create a SOC analyst dashboard for monitoring web application attacks, including failed logins, suspicious IP addresses, and HTTP error rates"

Include Context About Your Environment

✅ "Create a network monitoring dashboard for our e-commerce platform, focusing on Apache web servers, MySQL databases, and payment processing systems"

Specify Time Ranges and Metrics

✅ "Build a real-time dashboard showing the last 4 hours of activity with panels for: event volume trends, top source countries, and critical alert counts"

Mention Specific Data Sources

✅ "Generate a dashboard for Sysmon logs showing process creation events, network connections, and file modifications with geographic distribution"

Sample AI Prompts

SOC Operations Dashboard

"Create a Security Operations Center dashboard for monitoring our enterprise network. Include panels for:
- Real-time alert volume over the last 24 hours
- Top 10 source IP addresses by event count
- Critical and high-severity alerts count
- Geographic distribution of traffic
- Recent failed authentication attempts
- Network protocol breakdown
Focus on actionable metrics that help identify ongoing threats."

Web Application Security

"Build a web application security dashboard for Apache and Nginx logs. Show:
- HTTP response code distribution (200, 404, 500 errors)
- Top requested URLs and potential attack patterns
- Failed login attempts and brute force indicators
- Geographic origin of suspicious requests
- Bandwidth usage trends over time
- SQL injection and XSS attempt detection
Use time series charts for trends and tables for detailed breakdowns."

Network Infrastructure Monitoring

"Create a network infrastructure dashboard focusing on:
- Bandwidth utilization trends for the last 7 days
- Top talkers (source and destination IPs)
- Protocol distribution (HTTP, HTTPS, DNS, etc.)
- Connection success/failure rates
- Unusual port activity detection
- Network device health metrics
Include both summary metrics and detailed drill-down capabilities."

Threat Hunting Dashboard

"Generate a threat hunting dashboard for advanced persistent threat detection:
- Suspicious process execution patterns
- Unusual network connections to external IPs
- File system modifications in sensitive directories
- PowerShell and command line activity
- Lateral movement indicators
- Privilege escalation attempts
Focus on low-frequency, high-impact events that might indicate compromise."

Compliance and Audit Dashboard

"Build a compliance monitoring dashboard for SOX/PCI requirements:
- User access and privilege changes
- Administrative actions and configuration changes
- Data access patterns and anomalies
- Failed access attempts to sensitive systems
- Audit log completeness and integrity
- Policy violation incidents
Structure it for executive reporting with clear metrics and trend analysis."

Cloud Security Dashboard

"Create a cloud security dashboard for AWS/Azure environments:
- IAM policy changes and new user creations
- Unusual API call patterns and failed authentications
- Resource provisioning and termination events
- Security group and firewall rule modifications
- Data exfiltration indicators
- Cost anomalies that might indicate compromise
Include geographic analysis and time-based trending."

Tips for Better AI Results

  1. Use Security Terminology

    • Mention specific attack types (brute force, SQL injection, DDoS)
    • Reference security frameworks (MITRE ATT&CK, NIST)
    • Include compliance requirements (PCI-DSS, HIPAA, SOX)
  2. Specify Visualization Preferences

    • "Use line charts for time trends"
    • "Show geographic data as pie charts"
    • "Include single-value metrics for KPIs"
    • "Use tables for detailed event listings"
  3. Define Time Contexts

    • "Real-time monitoring" vs "Historical analysis"
    • "Last 24 hours" vs "Weekly trends"
    • "Business hours only" vs "24/7 monitoring"
  4. Include Operational Context

    • Team size and expertise level
    • Shift patterns and coverage
    • Escalation procedures and thresholds
    • Integration with existing tools
  5. Iterate and Refine

    • Start with a broad request, then refine
    • Ask for specific modifications: "Add a panel showing..."
    • Request different visualization types: "Change the bar chart to..."
    • Adjust time ranges: "Focus on the last 4 hours instead of 24"

From Search Results

The fastest way to create dashboards is directly from search results:

  1. Run a Search Query

    • Execute any search in the Search interface
    • Analyze the results to ensure they're what you want
  2. Add to Dashboard

    • Click the "Add to Dashboard" button in the search results
    • Choose visualization type (bar chart, line chart, table, etc.)
    • Select existing dashboard or create new one
  3. Instant Panel Creation

    • Panel is automatically created with your query
    • Navigate directly to the dashboard to see results

Supported Chart Types

Bar Charts

  • Best for: Categorical data, top N analysis, comparisons
  • Features: Horizontal/vertical orientation, stacking, grouping
  • Use cases: Top source IPs, event counts by type, user activity

Line Charts

  • Best for: Time-series data, trends over time
  • Features: Multiple series, smooth curves, point markers
  • Use cases: Event volume over time, response time trends

Area Charts

  • Best for: Time-series with emphasis on volume/magnitude
  • Features: Filled areas, stacking, opacity control
  • Use cases: Cumulative metrics, bandwidth usage, alert volumes

Pie Charts

  • Best for: Part-to-whole relationships, proportions
  • Features: Donut style, percentage labels, center totals
  • Use cases: Traffic distribution, alert severity breakdown

Tables

  • Best for: Detailed data, exact values, multiple columns
  • Features: Sorting, pagination, column configuration
  • Use cases: Log details, user lists, configuration data

Single Value

  • Best for: Key metrics, KPIs, status indicators
  • Features: Threshold colors, trend indicators, units
  • Use cases: Total events, error rates, system status

Timeline

  • Best for: Event sequences, time-based analysis
  • Features: Time-focused area charts with enhanced time controls
  • Use cases: Attack timelines, system events, user sessions

Dashboard Features

Interactive Drilldown

Click on any data point in charts to automatically:

  • Navigate to the Search page
  • Apply filters based on the clicked data
  • Maintain the current time range
  • Show detailed results for investigation

Auto-Refresh

Configure automatic data updates:

  • Intervals: 30 seconds, 1 minute, 5 minutes, 15 minutes
  • Manual Control: Refresh individual panels or entire dashboard
  • Status Indicators: Shows last update time and refresh status

Time Range Controls

  • Dashboard-level: Set time range for all panels
  • Panel-level: Override with custom time ranges per panel
  • Synchronized: All panels update together when time range changes

Variables and Filters

Create dynamic dashboards with variables:

  • Dashboard Variables: Define filters that apply to multiple panels
  • Query Substitution: Use $variable syntax in panel queries
  • Interactive Controls: Dropdown selectors, text inputs, multi-select
  • Real-time Updates: Panels refresh automatically when variables change

Layout Management

  • Grid System: 12-column responsive grid layout
  • Drag and Drop: Rearrange panels by dragging
  • Resizing: Adjust panel sizes by dragging corners
  • Auto-Layout: Smart positioning for new panels

Dashboard Management

Sharing and Collaboration

Public Dashboards

  • Visible to all users with dashboard view permissions
  • Useful for team dashboards and common monitoring views
  • Can be edited by users with appropriate permissions

Private Dashboards

  • Only visible to the creator
  • Perfect for personal analysis and work-in-progress dashboards
  • Can be made public later if needed

Sharing URLs

  • Copy dashboard URLs to share with team members
  • URLs include dashboard ID for direct access
  • Recipients need appropriate permissions to view

Export and Import

Export Dashboards

  • Download as JSON files for backup or sharing
  • Includes all panel configurations, queries, and layout
  • Version information for compatibility tracking

Import Dashboards

  • Upload JSON files to recreate dashboards
  • Automatically assigns to importing user
  • Validates structure and compatibility

Version Control

  • Auto-save: Changes are saved automatically in edit mode
  • Update Tracking: Last modified timestamps and user information
  • Backup: Export before major changes for safety

Best Practices

Dashboard Design

  1. Focus on Purpose

    • Create dashboards for specific use cases (network monitoring, user activity, etc.)
    • Avoid cramming too many unrelated metrics into one dashboard
  2. Logical Layout

    • Place most important metrics at the top
    • Group related panels together
    • Use consistent sizing for similar content types
  3. Performance Optimization

    • Use appropriate time ranges for your data volume
    • Consider using single value metrics for high-level KPIs
    • Limit the number of panels per dashboard (8-12 recommended)

Query Optimization

  1. Efficient Queries

    • Use specific filters to reduce data volume
    • Leverage indexed fields for better performance
    • Consider using aggregations instead of raw data
  2. Variable Usage

    • Create variables for commonly filtered fields
    • Use meaningful variable names and labels
    • Provide sensible default values

Maintenance

  1. Regular Review

    • Periodically review dashboard relevance and accuracy
    • Update queries as your data sources evolve
    • Remove or update outdated panels
  2. Performance Monitoring

    • Monitor dashboard load times
    • Optimize slow-performing queries
    • Consider breaking large dashboards into focused ones

Common Use Cases

Security Operations Center (SOC)

Dashboard: "SOC Overview"
Panels:
  - Alert Volume (Timeline)
  - Top Alert Types (Bar Chart)
  - Critical Alerts (Single Value)
  - Recent High-Priority Events (Table)
  - Geographic Distribution (Pie Chart)

Network Monitoring

Dashboard: "Network Security"
Panels:
  - Bandwidth Usage (Area Chart)
  - Top Source IPs (Bar Chart)
  - Connection Status (Single Value)
  - Protocol Distribution (Pie Chart)
  - Failed Connections (Line Chart)

User Activity Analysis

Dashboard: "User Behavior"
Panels:
  - Login Activity (Timeline)
  - Top Active Users (Bar Chart)
  - Failed Login Attempts (Single Value)
  - User Locations (Table)
  - Activity by Hour (Line Chart)

Threat Hunting

Dashboard: "Threat Intelligence"
Panels:
  - Suspicious IPs (Table)
  - Malware Detections (Single Value)
  - Attack Patterns (Timeline)
  - IOC Matches (Bar Chart)
  - Risk Score Distribution (Pie Chart)

Troubleshooting

Common Issues

Panels Not Loading

  • Check query syntax and permissions
  • Verify time range includes data
  • Review panel query in Search page first

Performance Issues

  • Reduce time range scope
  • Optimize queries with specific filters
  • Consider using aggregations instead of raw data

Layout Problems

  • Refresh the page to reset layout engine
  • Check browser zoom level (100% recommended)
  • Clear browser cache if panels appear misaligned

Variable Issues

  • Ensure variable names match query placeholders
  • Check variable default values are valid
  • Verify variable queries return expected results
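
The first two checks above can be run offline against an exported dashboard file. The script below is an added example, not part of nano: the export schema (keys `variables`, `panels`, `name`, `default`, `title`, `query`), the placeholder grammar and the sample query text are all assumptions, since this guide does not document them.

```python
import json
import re

# Assumed placeholder grammar: "$" followed by an identifier. The guide only
# states that panel queries use "$variable" syntax.
PLACEHOLDER = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)")


def lint_dashboard_variables(export_text):
    """Return sorted findings for a dashboard export given as JSON text."""
    dash = json.loads(export_text)
    # Map each defined variable name to its default value (assumed keys).
    defined = {v["name"]: v.get("default") for v in dash.get("variables", [])}
    findings = []
    used = set()
    for panel in dash.get("panels", []):
        title = panel.get("title", "<untitled>")
        # De-duplicate so a placeholder repeated in one query is reported once.
        for name in sorted(set(PLACEHOLDER.findall(panel.get("query", "")))):
            used.add(name)
            if name not in defined:
                findings.append(
                    f"panel '{title}': ${name} has no matching dashboard variable")
    for name, default in defined.items():
        if name not in used:
            findings.append(f"variable '{name}': defined but not referenced by any panel")
        if default in (None, "", []):
            findings.append(f"variable '{name}': no default value")
    return sorted(findings)


# Constructed sample export; schema and query syntax are hypothetical.
SAMPLE_EXPORT = json.dumps({
    "name": "Network Security",
    "variables": [
        {"name": "src_country", "default": "US"},
        {"name": "severity", "default": ""},
    ],
    "panels": [
        {"title": "Top Source IPs", "query": "country=$src_country | top src_ip"},
        {"title": "Failed Connections", "query": "status=failed host=$hostname"},
    ],
})

if __name__ == "__main__":
    for finding in lint_dashboard_variables(SAMPLE_EXPORT):
        print(finding)
```

Adjust the key names to match a real export before relying on the output.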

Getting Help

  1. Test Queries: Always test panel queries in the Search interface first
  2. Check Permissions: Ensure you have appropriate dashboard and data access permissions
  3. Review Logs: Check application logs for specific error messages
  4. Export/Import: Use export functionality to back up working configurations

Dashboards are a powerful tool for transforming raw security data into actionable insights. Start with simple dashboards and gradually add complexity as you become more familiar with the features and your specific monitoring needs.
