Dashboard

The dashboard pages for Aurora Managed Endpoint Defense have an interactive layout that visually displays the types of alerts that are escalated in your organization, as well as top threats by alert type or target.

You can filter the data by organization and time frame (for example, 24 hours) to limit the data shown in the dashboard. These settings are at the top right of the Dashboard page. If no data is available for the specified time frame, the widget displays No data.

These dashboard views are available out of the box:

  • Executive Summary — A high-level view of the overall protection status and threat landscape. For example, visualizations of open and resolved alerts, and a map of threat sources.
  • Operations — A brief report of the open escalations and top types of threats, allowing users to target high-priority threats and resolve them as soon as possible.
  • Threat Summary — A report of the number of incidents, escalated incidents, open escalations, and the top rules that were applied to the fewest devices, allowing users to see the effectiveness of their threat strategy and take necessary actions.

Executive Summary dashboard

These alert metrics are displayed in the Executive Summary tab of the dashboard:

  • Device health — View a score that is calculated based on the number of devices running supported versions of the Endpoint Defense agents, the enablement of agent policy features, and the completion of threat mitigation actions. If the score falls below the score baseline, where the default is "A", then the critical escalation group and the Aurora Managed Endpoint Defense team are notified.
  • Protection — View the current percentage of alerts that are resolved.
  • Escalations — View a graph of escalations to see the ratio of unresolved threats by severity, as well as threats that were already resolved. You can view a list of all open escalations or open escalations of a specific severity.
  • Average MTTR in last 30 days — View the average time for analysts to escalate and close alerts in the last 30 days.
  • Targeted users — View the number of users that were targeted.
  • Targeted devices — View the number of devices that were targeted.
  • Unresolved Alerts Severity — View a graph that shows the status of overall alerts by severity. At a glance, you can see the ratio of resolved and unresolved alerts. Unresolved alerts are incoming alerts that Aurora Managed Endpoint Defense analysts are working on that may or may not be escalated to your organization for attention.
  • Threat Source Heat Map — View a map of threat sources to understand where attacks are originating from. You can click the numbers that appear on the map to see the severity of threats for each geographic area.

Operations dashboard

These alert metrics are displayed in the Operations tab of the dashboard:

  • Device health — A score that is calculated based on the number of devices running supported versions of the Endpoint Defense agents, the enablement of agent policy features, and the completion of threat mitigation actions. If the score falls below the score baseline, where the default is "A", then the critical escalation group and the Aurora Managed Endpoint Defense team are notified.
  • Average MTTR in last 30 days — View the average time for analysts to escalate and close alerts in the last 30 days.
  • Open Escalations — View a list of open escalations that might require your attention, for example, those with critical and high severity. You can click on an alert to see more details.
  • Top Alert Types — View the alert types that are reported most frequently in the organization, for example, memory exploit attempts, script control threats, and network threats.
  • Detected Malware by Subclass — View the top malware types by subclass, for example, trojan, virus, or worm.
  • Top Scripts Convicted — View the scripts that are run most often in your organization and generate alerts.
    Note: Hover over a script in the list to see the full directory path to the script.
  • Alert Types Over Time — View the top alert types that have occurred over a period of time. You can adjust the time frame by sliding the bar below the x-axis, and you can click the alert types to show or hide them in the graph.
  • Top Targeted Processes — View the processes that are most often targeted by threat actors.
  • Top Targeted Devices — View the devices that are generating the most alerts.
  • Top Targeted Users — View a list of users that have encountered the most threats.
  • Top Response Actions By Type — View a list of the top response actions that were used to resolve threats.

Threat Summary dashboard

These alert metrics are displayed in the Threat Summary tab of the dashboard:

  • Response actions taken — The number of actions taken within the specified timeframe.
  • Alerts detected — The number of alerts detected within the specified timeframe.
  • Average MTTR in last 30 days — View the average time for analysts to escalate and close alerts in the last 30 days.
  • Incidents — View the total number of incidents that were and were not escalated.
  • Escalated incidents — View a list of incidents that were recently escalated.
  • Device health — A score that is calculated based on the number of devices running supported versions of the Endpoint Defense agents, the enablement of agent policy features, and the completion of threat mitigation actions. If the score falls below the score baseline, where the default is "A", then the critical escalation group and the Aurora Managed Endpoint Defense team are notified.
  • Open Escalations — View a list of open escalations that might require your attention, for example, those with critical and high severity. You can click on an alert to see more details.
  • Top Ten Rules Applied to the Fewest Devices — View a list of Aurora Focus rules that were applied to the fewest devices.