DeepSurface: Dashboards

Documentation
Installation Guide
Overview
Let DeepSurface Host For You
Getting Started
System Requirements
Self Hosted Quick Start - Installing to Cloud Platforms
Self Hosted - Installation Using an OVA
Registration, Package Installation, and Initialization
First Steps After Initialization of the Console
Deployment Options
Main and Subordinate Consoles
Agent-Based Deployment
User Managed Scan Deployment
Credentialed Scanning Deployment
Mixed Environment
Deployment Tools
Active Directory Group Policy
Microsoft Endpoint Configuration Manager (part of InTune)
Tanium Deploy
HCL BigFix
Ivanti
Virtual Machines
VMWare
Virtual Box
VirtualBox Guest Additions
AWS EC2 (BYOL)
AWS EC2 (Usage Based)
Azure Cloud
Google Cloud
Additional Items to Consider
Main Console Server Certificates
LDAP
TOFU
Clock Sync
DeepSurface Commands
Multiple Vulnerability Sources
API Documentation
User Guide
Reporting
Dashboards
Exports
Risk Insight
Hosts
Patches
Vulnerabilities
Vulnerability Instances
Users
Remediation Workflow Manager
Plans
Settings
Integrations
Workflow
Exporting
Accepted Risk Plans
Accepted Risk Workflow
Explore
Model
Paths
Activity
Tasks
Configuration Alerts
Scan Logs
Notification Settings
Scanning
Status
Agents
User Managed
Credentialed Scanning Settings
Credentials
Scan Groups
General Settings
Cloud Scanning
Network Connectivity
Subordinates
Vulnerability Sources
Setup
Sensitive Assets: Polices
Sensitive Assets: Manual
Admin Settings
SMTP Settings
Certificates
Outbound Proxy
Authentication Providers
Users
Tags
Integrations Guide
Vulnerability Sources
CrowdStrike Spotlight
SentinelOne
Carbon Black Cloud
Microsoft Defender for Endpoint
Wazuh
Lansweeper Cloud
Nessus API
Tenable.io API
Security Center/Tenable.sc API
Rapid7 InsightVM API
Qualys API
Nozomi Guardian
Eclypsium
AWS Inspector
Remediation
Jira Software
Tanium (BETA)
Authentication Providers
LDAP (Active Directory)
SAML (Azure Active Directory)
SAML (Google)
SAML (Okta)
PAM
CyberArk
Delinea (Thycotic)
Microsoft LAPS
Security Guide
Firewall Configuration
Base Network Requirements
Agent Network Requirements
Credentialed Scanning Network Requirements
API Network Requirements
How DeepSurface Scans Work
Domain (LDAP) Scanning
Host Scanning Routine
Reasons for the Administrative Access Requirement
Endpoint Protection Considerations
Other Items
Scope of Data Storage and Retention
IPS/IDS Considerations
Logging
Resetting the DSADMIN password
Product Information
Changelogs
Open source Licenses
End User License Agreement (EULA)

Reporting Dashboard - dashboard-1

The Reporting Dashboard lets you visualize different aspects of your environment. An ever-growing selection of widgets, charts, and other types of visualizations let you get an overview of your environment in a way that simple tables do not. The Dashboard is also fully customizable, giving you the ability to tailor the visuals to tell the story that you want to, whether to your team, stakeholders, or executives.

Out of the box, the dashboard comes with a wide range of pre-selected widgets that range from prioritized lists of risky elements in your environment, to historical charts of your total risk. The following sections will briefly go over some of the more important visuals on the default dashboard

Risk Breakdown and Priorities

Reporting Dashboard - dashboard-2

The risk breakdown widgets show a donut chart of the breakdown of hosts/patches/vulnerabilites in your environment by risk score. With these widgets you can get a glanceable health of your environment.

Reporting Dashboard - dashboard-2

The top risk priorities show the highest n hosts/patches/vulnerabilities in your environment.

Risk Over Time

Reporting Dashboard - dashboard-2

Risk over time represents exactly what it sounds like. Every time your environment is scanned via an authenticated scan or with agents, an analysis is run and your risk score (among many many other things) is updated. This chart gives you a snapshot of your risk over a given timespan (default is 60 days) the upper area chart represent your risk score and the lower bar charts show you vulnerability instances that have been discovered or removed, and hosts that have been discovered or removed. Mousing over any part of these charts will connect the events vertically, and clicking on any moment in time will open up a modal that will give you an overview of all the hosts/instance/domain changes, as well as any manual user edits, that occured at that moment in history, in order to tell the story of all the factors that went in to affecting your risk score at that time.

Vulnerability Instances

There are several widgets related to vulnerability instances in your environment. The Vulnerability Instances Prioritization widget is the same default visual that you would see when visting the Vulnerability Instances Report in Risk Insight.

Reporting Dashboard - dashboard-3

Before even calculating your risk or prioritizing the hosts, patches, and vulnerabilities that you should be focusing on, DeepSurface must first categorize all of the vulnerability instances reported by your vulnerability scanner(s) to determine what you need to worry about and focus on. There are many situations in which DeepSurface completely de-prioritizes some instances so that you do not have to spend any of your attention on remediating elements that will have little or no effect on your total risk level and security posture. During this preliminary prioritization DeepSurface de-duplicates any instances, removes any that are purely Denial of Service, not actually exploitable, or unreachable. This visualization shows you the difference between what you could have had to sift through, and the narrower set of instances that you now can focus instead. The further to the right the category is, the higher priority the category is. As a rule of the thumb, the green categories are de-prioritized entirely, the lighter red categories need your attention in order for DeepSurface to better understand, and the darker red categories have been prioritized and deemed to carry risk in your environment.

Reporting Dashboard - dashboard-3

In addition to the categories, there are also widgets that breakdown your vulnerability instances by CVSS score and Exploit Status. These are represented as a bar chart and donut chart respectively.

Top Critical Paths

Reporting Dashboard - dashboard-4

The top critical attack paths show the highest risk paths in your environment. Sometimes these paths share nodes/edges/scopes in common and are grouped together. Mousing over any of the paths will highlight it for you and clicking on any of the nodes or edges will give you more information about the contents of a node, or the access/vulnerabilities present on an edge that allows the traversal.

Peer Comparison

Reporting Dashboard - dashboard-5

One important question that a lot of our customers have is, "How well am I doing compared to my peers?". That question is answered by this section of the dashboard. The area chart on the left shows your position compared to your peers over time. The higher the percentile, the better you compare to peers in your sector. Mousing over the chart will show you the percentile at that moment in time and your current percentile will show when not mousing over the chart.

Customizing the dashboard

DeepSurface comes with standard dashboards out of the box. New dashboards can be created at will, either from scratch or using one of the canned dashboards as a starting point. To start editing, you can create a copy of a canned dashboard and edit it as you like by clicking the copy button next to the name of the report:

Customizing the dashboard

The screen will refresh with the newly copied dashboard, and show a Configure button next to the name of the report you can click to begin editing:

Customizing the dashboard 2

Once in edit mode, the page should look something like the following:

Edit Dash

The top bar has been replaced with the dashboard editing interface. To change the name of the dashboard, simply type in a new name, but do be aware that a name is required. To add widgets to the dashboard, simply click on the large button of the widget type that you would like to add. Clicking on one of these large buttons will bring up a secondary interface that lets you choose which specifc widget within that category that you would like to add.

Edit Dashboard

You can further customize a specific widget with different options like version, or item count. Once you finish selecting all of the options for adding a widget, click the "Add Widget" button and it will appear on the dashboard below, this and every other widget can be moved around by dragging and dropping. Some widgets can also be resized vertically and/or horizontally. Click and drag on either the horizontal or vertical resize circles on the right or bottom of a widget to drag the widget to a new width or height. The widget will automatically snap to an available grid size and push other widgets out of the way to make room. Widgets cannot overlap eachother.

Customize Widget

Some widgets (priority, metric) also allow you to adjust the content of the what is displayed in the widget itself. Any widgets on the dashboard that allow for more settings will include an edit button while the dashboard is in edit mode. Clicking on the edit button will open up a modal with all of the options available for the widget you are trying to edit.

Once you are happy with the size, position, and content of all the widgets on the dashboard, click save and the current layout will be saved.

If at any time you want to delete a dashboard, click the delete button in the top dashboard editing interface. You will be prompted to confirm and your dashboard will be removed. Similarly, you can also remove any widgets within a dashboard by clicking on the red trashcan icon in the bottom right of any widget while the dashboard is in edit mode.

Creating a new dashboard

The reporting dashboard also allows you to create multiple dashboards. Some users find it helpful to have different dashbboards, each that tell a slightly different story, or highlight different metrics for different audiences. To create a new dashboard, open the dashboard selector at the top right of the screen and click on the "Create new dashboard" option:

Creating Dashboard

After doing so, you will be presented with a new blank canvas and the dashboard editing interface open. Just like editing an existing dashboard, you can now change the name of the dashboard, add, remove, and configure all the widgets for this new dashboard.

If at any time you would like to switch which dashboard is considered the "current" dashboard, open the dashboard selector and choose which dashboard you want from the list of dashboards that you have made. DeepSurface will remember which one has been selected and show this dashboard as the default when visiting this page in the future.

Exporting a dashboard

As of release version 3.10 it possible to export all dashboards. DeepSurface is hard at work supporting scheduling functionality of all dashboards as reports but for the time being, only the 'Summary' dashboard is exportable as a scheduled report. To schedule an export of the Summary dashboard, click the export button in the top right and configure the export like you would any of the Risk Insight reports.

The summary dashboard should look very similar to user created dashboards, with a few key differences. for one, this dashboard is not editable. The configure button has instead been replaced by an export button. Clicking the export button will bring up a faimliar export form seen in other areas of the application. From this form it is possible to schedule recurring exports, assign recipients, and give the export a recognizable label.

Once exported, the report will appear in the exports section of the interface along with any of the other configured exports from Risk Insight.

Print or Save PDF

For now, all other user-created dashboards can be saved/printed as pdfs by the browser. For these dashboards, simply select the 'Print/Save PDF' button in the top right and you will be able to print or save via the browser options. For your convenience, there is a checkbox next to this button that will show you where the page breaks will appear when printing. This can be very helpful for resizing and placing widgets that won't awkwardly span multiple pages when saved.