The following sections explain how to access the Security Analytics dashboard to view statistics relating to authentication activities and sessions, and functions common to all the pages in this dashboard.
|Table of Contents|
Accessing the Analytics Dashboard
Follow the procedure below to analyze WSO2 IS using WSO2 Analyticsaccess the Analytics Dashboard to view statistics relating to security analytics.
The Analytics Dashboard cannot be viewed using the Internet Explorer 10 and older versions.
Log into the WSO2 Analytics -IS Management Console using the following URL.
In order to view Analytics data related to users in tenant domains other than the super tenant, Please follow the given steps
1. Login to WSO2 Analytics -IS Management Console with relevant tenant credentials.
2. In the Main tab, click Add under Carbon Applications. This will show you the page where you can upload .car file.
3. Select org_wso2_carbon_analytics_is_realtime-1.0.0.car located in <IS_ANALYTICS_HOME>/capps and click Upload. This car file contains the files required to process analytics data in tenant domain.
- In the Main tab, click Analytics Dashboard. Log into the Analytics Dashboard by entering your credentials in the login dialog box that appears. The following dashboard is displayed by default.
Click View to open the IS Analytics dashboard. The Security Analytics dashboard is displayed as shown in the example below.
Region map shown in the dashboard may not show all the regions for the login attempts. This is because the packed sample database does not contain complete data for all the IP addresses. Please create a new database with complete data and do necessary configurations in WSO2 IS Analytics Server. See Using Geolocation Based Statistics.
The FEDERATED IDENTITY PROVIDER page is displayed by default. This page displays statistics relating to federated identity providers. For detailed information about analyzing federated identity providers, see Analyzing Statistics for Federated Identity Providers
This page displays a summary of overall login attempts, local login attempts and federated login attempts as shown above.
- If you want to view information relating to overall login attempts, click OVERALL in the left navigator to open the page with the relevant statistics. The same page can be opened by clicking See More under Overall Login Attempts. For detailed information about analyzing overall login attempts, see Analyzing Statistics for Overall Login Attempts.
- If you want to view information relating to local identity providers, click LOCAL in the left navigator. The same page can be opened by clicking See More under Local Login Attempts. For detailed information about analyzing local login attempts, see Analyzing Statistics for Local Login Attempts.
- If you want to view information relating to resident federated identity providers, click RESIDENT IDENTITY PROVIDER in FEDERATED under the LOGIN ATTEMPTS in the left navigator. The same page can be opened by clicking See More under Federated Login Attempts. For detailed information about analyzing resident identity providers, see federated login attempts, see Analyzing Statistics for Resident Identity ProviderFederated Login Attempts.
If you want to view information relating to sessions, click SESSIONSin
in the left navigator. For detailed information about analyzing sessions,see
Using the Security Analytics dashboard
The following sections explain common functions of the Security Analytics dashboard.
Viewing statistics for a selected time interval
At any given time, each page in the dashboard displays the statistics for a selected time interval.
- If you want to view statistics for a pre-defined time interval, click on the relevant time interval (e.g., Last 24 Hours).
- If you want to define a custom time interval, click Custom and select the start and end dates of the required time interval in the calendar that appears. Then click Apply.
When you select Last Hour as the time interval for which statistics are to be displayed, all the gadgets except data tables are updated in about 1 minute. When the time interval selected is greater than one hour, the same gadgets are updated in 5 minutes. This is because the relevant Spark scripts need to be executed in order to update the gadgets.
The data tables in each page are updated instantly.
Working with filters
The Security Analytics dashboard allows you to add filters that allow you to update multiple gadgets in a given page to display information relating to a selected criteria.
A filter can be added only to gadgets with a Search field together with the Add Filter button.
- Access the
Security Analyticsdashboard as explained under Accessing the Security Analytics dashboards.
- Click Local in the left navigator to open the page displaying statistics for local login attempts.
- In the Search field on the By Role gadget, enter
adminand then click Add Filter as demonstrated below.
This results in all the gadgets in the page except the By Role gadget (to which the filter was added) being updated to display only information relating to the
- To remove a filter already applied to a filter, click the close (i.e. x) sign in the relevant Search field as shown below.