Investigation Dashboard

The Investigation Dashboard provides powerful tools for identifying and assessing problems that might exist in your Guardium environment. It uses either local or system-wide unfiltered data, and provides numerous filter options to query data across an entire Guardium environment, potentially from any Guardium collector within that environment.

The Investigation Dashboard provides inter-related charts that help reveal patterns, anomalies, and relationships across your data. It does not require detailed knowledge of topology, aggregation, or load balancing schemes. It contains the original quick search for enterprise functions, and other tools for visualizing and analyzing data.

Note: It is recommended to view the Investigation Dashboard in full screen mode.
Restriction: The Investigation Dashboard and Data Level Security cannot be enabled concurrently.

Operating Modes

The Investigation Dashboard supports three operating modes:

Central Manager only

Queries that are submitted on a Central Manager return enterprise-wide results from all Guardium collectors with search enabled. Queries that are submitted on managed units return local results.

Central Manager only is the default operating mode.

All machines

Enterprise-wide search queries are submitted from any machine in the Guardium environment with search enabled. This mode can result in slower search results and requires connectivity between all managed units in the environment.

Local only

This mode limits search queries to the local collector where the search is submitted: no data is retrieved from other collectors in the Guardium environment. On a Central Manager in Local only mode, no data is displayed.

See GuardAPI Quick Search for Enterprise Functions for information about setting the search mode.

Dashboard Components

A dashboard is a collection of one or more of the following items:
  • Three-axis data graphs, which are known as trimetric charts. These graphs can be displayed as a color map, bar graph, bubble graph, line graph, pie graph, step graph, and area graph.

  • Animated bubble chart - an animated visualization of data changes over the last 48 hours.

  • Activity chart - a line chart that displays the volume of activity and outliers. It is located above the Results table.

  • Results table - provides the search results and investigation features of the original quick search. The Results table is always at the bottom of the dashboard. It can be added to any dashboard.

  • Facet list of one or more of Where, Who, What, Exception, and When. It appears on the left side of every dashboard and cannot be removed.

There are four default DAM views and two default FAM views, each with different charts and tables. Select the view from the dashboard menu Navigation. The default views cannot be modified.