View Aurora Managed Endpoint Defense dashboards in the Aurora Multi-Tenant Console
The dashboard pages for Aurora Managed Endpoint Defense in the Aurora Multi-Tenant Console have an interactive layout that visually displays the various types of alerts that are escalated to an organization, as well as top threats by alert type or target.
You can filter the data by organization and timeframe (for example, 24 hours) to limit the data shown in the dashboard. These settings are at the top right of the Dashboard page. If no data is available for the specified timeframe, the widget displays No data.
These dashboard views are available out of the box:
- Executive Summary — A high-level view of the overall protection status and threat landscape. For example, visualizations of open and resolved alerts, as well as a map of threat sources.
- Operations — A brief report of the open escalations and top types of threats, allowing users to target high-priority threats and resolve them as soon as possible.
- Threat Summary — A brief report of the number of incidents, escalated incidents, open escalations, and the top rules that were applied to the fewest devices, allowing users to see the effectiveness of their threat strategy and take necessary actions.
Executive Summary dashboard
These alert metrics are displayed in the Executive Summary tab of the dashboard:
- Device health — View a score that is calculated based on the number of devices running supported versions of the agents, the enablement of agent policy features, and the completion of threat mitigation actions.
- Protection — View the current percentage of alerts that are resolved.
- Escalations — View a graph of escalations that shows the ratio of unresolved threats by severity, as well as threats that were already resolved. You can click on parts of this widget to view a list of all open escalations, or view a list of open escalations of a specific severity.
- Average MTTR in last 30 days — View the average time for analysts to escalate and close alerts in the last 30 days.
- Targeted users — View the number of users that were targeted.
- Targeted devices — View the number of devices that were targeted.
- Unresolved Alerts Severity — View a graph that shows the status of overall alerts by severity. At a glance, you can see the ratio of resolved and unresolved alerts. Unresolved alerts are incoming alerts that Aurora Managed Endpoint Defense analysts are working on that may or may not be escalated to the organization for attention.
- Threat Source Heat Map — View a map of threat sources to understand where attacks are originating from. You can click the numbers that appear on the map to see the severity of threats for each geographic area.
- Device health score by tenants — View a list of health scores for each of the tenants that you manage. If the score is below the baseline score (the default baseline score is "A"), it displays in red. Tenants with the lowest scores below the baseline display at the top of the list.
- Tenant incident volume — View a list of tenants with their average incident volume from the last 7 days. If the average number of incidents is higher than expected, based on the number of devices registered with the tenant, or if there were no incidents within the last 24 hours, then the number beside the tenant is red.
Operations dashboard
- Device health — A score that is calculated based on the number of devices running supported versions of the Endpoint Defense agents, the enablement of agent policy features, and the completion of threat mitigation actions.
- Average MTTR in last 30 days — View the average time for analysts to escalate and close alerts in the last 30 days.
- Open Escalations — View a list of open escalations that might require your attention, such as those with critical and high severity. You can click on an alert to view more details.
- Top Alert Types — View the alert types of the alerts that are reported most frequently in the organization. For example, memory exploit attempts, script control threats, and network threats.
- Detected Malware by Subclass — View the top malware types by subclass. For example, trojan, virus, or worm.
- Top Scripts Convicted — View the top scripts to see the scripts that are both run the most often and generate alerts.
Tip: Hover over a script in the list to see the full directory path to the script.
- Alert Types Over Time — View the top alert types that have occurred over a period of time. You can adjust the timeframe by sliding the bar below the x-axis or click the alert types to show or hide them in the graph.
- Top Targeted Processes — View the processes that are targeted the most by threat actors.
- Top Targeted Devices — View the devices that are generating the most alerts.
- Top Targeted Users — View a list of users that have encountered the most threats.
- Top Response Actions By Type — View a list of the top response actions that were used to resolve threats.
Threat Summary dashboard
- Response actions taken — The number of actions taken within the specified timeframe.
- Alerts detected — The number of alerts detected within the specified timeframe.
- Average MTTR in last 30 days — View the average time for analysts to escalate and close alerts in the last 30 days.
- Incidents — View the total number of incidents that were escalated and not escalated.
- Escalated incidents — View a list of incidents that were recently escalated.
- Device health — A score that is calculated based on the number of devices running supported versions of the agents, the enablement of agent policy features, and the completion of threat mitigation actions.
- Open Escalations — View a list of open escalations that might require your attention, such as those with critical and high severity. You can click on an alert to see more details.
- Top Ten Rules Applied to the Fewest Devices — View a list of Aurora Focus rules that were applied to the fewest devices.