The SIEM (NIDS) dashboard provides real-time visibility into network-based intrusion detection events. It categorizes and displays alerts generated by monitoring traffic across network segments to detect malicious activity or policy violations.
Time Range Filter:
Allows users to define a custom date range to analyze trends and anomalies over time.
Alert Counters by Severity:
Shows the total number of alerts grouped into five severity levels:
Alert
Critical
Warning
Notice
Info
These counters provide a snapshot of network security posture over the selected date range.
Alerts Timeline Chart:
A line graph visually representing the volume and type of alerts detected throughout the day. Each severity level is color-coded for quick identification.
Alert Actions (Records):
Reserved for showing specific responses or actions triggered by alerts (e.g., block, log, notify).
Currently empty or awaiting data integration.
Clients (Records):
Displays a donut chart showing the total number of alerts triggered by different client IP addresses.
Helps identify which internal clients are most often involved in suspicious or high-volume alert activity.
A legend lists IPs with alert counts and supports pagination for extended visibility.
Server (Records):
Another donut chart visualizing alert counts based on destination or target server IPs.
Useful for detecting targeted systems, high-traffic endpoints, or possibly compromised devices.
Services (Records):
Intended to show alerts broken down by network services (e.g., HTTP, DNS, SMB).
Currently shows "0 Total Alerts", indicating no service-level detection is reported in the selected range.