Kaspersky Next XDR Expert
Preconfigured dashboard layouts

Kaspersky Next XDR Expert includes a set of predefined layouts that contain the following widgets:

  • Alerts Overview layout (Alert overview):
    • Active alerts—number of alerts that have not been closed.
    • Unassigned alerts—number of alerts that have no assignee.
    • Latest alerts—table with information about the last 10 unclosed alerts belonging to the tenants selected in the layout.
    • Alerts distribution—number of alerts created during the period configured for the widget.
    • Alerts by priority—number of unclosed alerts grouped by their priority.
    • Alerts by assignee—number of alerts with the In progress status. The grouping is by account name.
    • Alerts by status—number of alerts grouped by their status.
    • Affected users in alerts—users associated with unclosed alerts.
    • Affected assets—table with information about the level of importance of assets and the number of unclosed alerts they are associated with.
    • Affected assets categories—categories of assets associated with unclosed alerts.
    • Top event source by alerts number—number of unclosed alerts grouped by the event source that generated the alerts.

      The widget displays up to 10 event sources.

    • Alerts by rule—number of unclosed alerts grouped by correlation rules.

    Unclosed alerts are alerts that have one of the following statuses: New, In progress, In incident.

  • Incidents Overview layout (Incidents overview):
    • Active incidents—number of incidents that are not in the Done status category.
    • Unassigned incidents—number of incidents that have no assignee.
    • Latest incidents—table with information about the last 10 unclosed incidents belonging to the tenants selected in the layout.
    • Incidents distribution—number of incidents created during the period configured for the widget.
    • Incidents by priority—number of incidents grouped by their priority.
    • Incidents by assignee—number of incidents with the In progress status. The grouping is by user account name.
    • Incidents by status—number of incidents grouped by their status.
    • Affected assets in incidents—number of assets associated with unclosed incidents.
    • Affected users in incidents—users associated with unclosed incidents.
    • Affected asset categories in incidents—categories of assets associated with unclosed incidents.
    • Active incidents by tenant—number of unclosed incidents, grouped by tenant.

    Unclosed incidents are incidents that are not in the Done status category.

  • Network Overview layout (Network activity overview):
    • Netflow top internal IPs—total volume of netflow traffic received by the asset, in bytes. The data is grouped by internal IP addresses of assets.

      The widget displays up to 10 IP addresses.

    • Netflow top external IPs—total volume of netflow traffic received by the asset, in bytes. The data is grouped by external IP addresses of assets.
    • Netflow top hosts for remote control—number of events associated with access attempts to one of the following ports: 3389, 22, 135. The data is grouped by asset name.
    • Netflow total bytes by internal ports—number of bytes sent to internal ports of assets. The data is grouped by port number.
    • Top Log Sources by Events count—top 10 sources from which the greatest number of events was received.
  • NGFW Aggregated Dashboards layout:
    • NGFW. Firewall Sessions & Actions—number of Firewall profile actions that were triggered and for which the logging option was set.
    • NGFW. DNS Security Sessions & Actions—number of DNS Security profile actions that were triggered and for which the logging option was set.
    • NGFW. Web Control Sessions & Actions—number of Web Control profile actions that were triggered and for which the logging option was set.
    • NGFW. IDPS Sessions & Actions—number of IDPS profile actions that were triggered and for which the logging option was set.
    • NGFW. Anti-Virus Sessions & Actions—number of Anti-Virus profile actions that were triggered and for which the logging option was set.
  • NGFW IDPS & File Web Antivirus layout:
    • NGFW. IDPS. Top-5 Threats Name—five most frequent threats detected by IDPS profiles.
    • NGFW. IDPS. Top-5 MITRE Tactics & Techniques—five most frequent MITRE ATT&CK tactics and techniques detected by IDPS profiles.
    • NGFW. IDPS. Top-5 Threats Type—five most frequent types of threat detected by IDPS profiles.
    • NGFW. IDPS. Top-5 Destination IP Addresses With the Most Blocked Web Traffic—five destination IP addresses with the largest volume of web traffic which is blocked by IDPS profiles.
    • NGFW. IDPS. Top-5 Source IP Addresses With the Most Blocked Web Traffic—five source IP addresses with the largest volume of web traffic which is blocked by IDPS profiles.
    • NGFW. File Web Antivirus. Top-5 Threats Name—five most frequent threats detected by Antivirus profiles.
    • NGFW. File Web Antivirus. Top-5 Source IP Addresses With the Most Blocked Web Traffic—five destination IP addresses with the largest volume of web traffic which is blocked by Antivirus profiles.
    • NGFW. File Web Antivirus. Top-5 Destination IP Addresses With the Most Blocked Web Traffic—five source IP addresses with the largest volume of web traffic which is blocked by Antivirus profiles.
  • NGFW DNS Security layout:
    • NGFW. DNS Security. Top-5 Threats for Blocked Addresses—five most frequent threats from the IP addresses blocked by DNS Security profiles.
    • NGFW. DNS Security. Top-5 Threats for Redirected Addresses—five most frequent threats from the IP addresses redirected by DNS Security profiles.
    • NGFW. DNS Security. Top-5 Source IP Addresses With the Most Blocked Web Traffic—five source IP addresses with the largest volume of web traffic which is blocked by DNS Security profiles.
    • NGFW. DNS Security. Top-5 Redirected Hostnames—five domain names most frequently redirected by DNS Security profiles.
    • NGFW. DNS Security. Top-5 Destination IP Addresses With the Most Blocked Web Traffic—five destination IP addresses with the largest volume of web traffic which is blocked by DNS Security profiles.
    • NGFW. DNS Security. Top-5 Source IP Addresses With the Most Redirected Web Traffic—five source IP addresses most frequently redirected by DNS Security profiles.
  • NGFW Web Control & URL Web Antivirus layout:
    • NGFW. URL Web Antivirus. Top-5 Web Categories for Blocked URLs—five most frequent categories of URLs blocked by Web Antivirus profiles.
    • NGFW. URL Web Antivirus. Top-5 Destination IP Addresses With the Most Blocked Web Traffic—five destination IP addresses with the largest volume of web traffic blocked by Web Antivirus profiles.
    • NGFW. Web Control. Top-5 Categories of Sites With the Most Warning Web Traffic—five categories of websites for which the warning from Web Control profiles is most frequently displayed.
    • NGFW. Web Control. Top-5 Categories of Sites With the Most Blocked Web Traffic—five categories of websites with the largest volume of web traffic blocked by Web Antivirus profiles.
    • NGFW. Web Control. Top-5 Destination IP Addresses With the Most Warning Web Traffic—five destination IP addresses for which the warning from Web Control profiles is most frequently displayed.
    • NGFW. Web Control. Top-5 Destination IP Addresses With the Most Blocked Web Traffic—five destination IP addresses with the largest volume of web traffic blocked by Web Control profiles.
    • NGFW. Web Control. Top-5 Web Control Category Sources for Blocked Addresses—five sources from which the categories of blocked URLs are most frequently obtained.
    • NGFW. Web Control. Top-5 Web Control Category Sources for Redirected Addresses—five sources from which the categories of redirected URLs are most frequently obtained.
  • NGFW Firewall layout:
    • NGFW. Top-5 Application Services by Sessions—five most used application services by number of sessions.
    • NGFW. Top-5 Application Services by Traffic, MB—five most used application services by web traffic volume (MB).
    • NGFW. Top-5 Application Protocols by Sessions—five most used application protocols by number of sessions.
    • NGFW. Top-5 Application Protocols by Traffic, MB—five most used application protocols by web traffic volume (MB).
    • NGFW. Top-5 Client Applications by Sessions—five most used client applications by number of sessions.
    • NGFW. Top-5 Client Applications by Traffic, MB—five most used client applications by web traffic volume (MB).
    • NGFW. Top-5 Source IP by Traffic, MB—five source IP addresses with the largest volume of web traffic (MB).
    • NGFW. Top-5 Destination IP by Traffic, MB—five destination IP addresses with the largest volume of web traffic (MB).
    • NGFW. Top-5 Web Sites by Sessions—five websites with the largest number of sessions.
    • NGFW. Top-5 Web Sites by Traffic, MB—five websites with the largest volume of web traffic (MB).

The default refresh period for predefined layouts is Never. You can edit these layouts as needed.