Security Dashboard widget - Security events
The Security events widget displays an aggregate view of all security events that were detected in the past 60 days. The security events are categorized based on whether a risk rule is configured for those events. Administrators can hover over the Security Events bar in this widget to view the total number of security events in each category.
MaaS360 uses separate color codes to clearly differentiate the events that have risk rules configured from the events that do not have risk rules configured in the MaaS360 Portal. Administrators can drill down to the Security Events page from this widget, where they can view the detailed summary of exposed devices, track the event types without risk rules, and enhance security by modifying the risk rules or configuring new risk rules. Administrators can also track the top 5 event types without risk rules that contributed to the most security events in their organization.
These enhancements allow administrators to identify security vulnerabilities in their organization and help them make informed decisions such as configuring risk rules and updating policy settings.
Viewing all the security events
MaaS360 displays an overall view of all the security events detected in your organization on the Security events page.
Administrators can use the Security events page to:
- View information about all the security events in a centralized location.
- Identify the security events that do not have a risk rule configured based on the color codes.
- View the detailed summary of exposed devices including event type, username, device name,
platform, device managed status, and the time of detection.
- Filter security events to narrow down the exposed devices list based on risk rule configuration, managed device status, event type, platform, and date range.
- Use the event type, username, and device name hyperlinks to easily navigate to the corresponding detail view page.
- Track all event types in one place. The event types are categorized into two separate sections:
No risk rules configured and Risk rules configured.
In each section, MaaS360 displays the number of security event occurrences detected against each
event type.
- Administrators can click the arrow mark next to each event type to view detailed information
about that event type. In the detailed view page, MaaS360 displays the number of exposed devices and
occurrences.
For event types without a risk rule, MaaS360 displays the Configure risk rule button. Clicking on this button redirects administrators to the Risk Rule Configurator page, where they can configure the risk rule for the corresponding event type.
Note: The new risk rules affect future events only.For event types with a risk rule, MaaS360 displays the existing risk rule and its severity. Clicking on this button redirects administrators to the Risk Rule Configurator page, where they can edit the risk rule severity and threshold for the corresponding event type.