The following sections explain how to access the Security Analytics dashboard to view statistics relating to authentication activities and sessions, and functions common to all the pages in this dashboard.
|Table of Contents|
Accessing the Analytics Dashboard
Follow the procedure below to analyze WSO2 IS using WSO2 Analyticsaccess the Analytics Dashboard to view statistics relating to security analytics.
The Analytics Dashboard cannot be viewed using the Internet Explorer 10 and older versions.
Log into the WSO2 Analytics -IS Management Console using the following URL.
- In the Main tab, click Analytics Dashboard. Log into the Analytics Dashboard by entering your credentials in the login dialog box that appears. The following dashboard is displayed by default.
Click View to open the IS Analytics dashboard. The Security Analytics dashboard is displayed as shown in the example below.
Region map shown in the dashboard may not show all the regions for the login attempts. This is because the packed sample database does not contain complete data for all the IP addresses. Please create a new database with complete data and do necessary configurations in WSO2 IS Analytics Server. See Using Geolocation Based Statistics.
The LOGIN ATTEMPTS page is displayed by default. This page gives necessary redirection links to all types of Login Attempts. First page describes about OVERALL LOGIN ATTEMPTS . This page displays statistics relating to overall login attempts made via WSO2 Identity Server. This includes information about overall flows of authentication took place through Identity Server. A collection of authentication steps is considered as an overall attempt..
This page displays a summary of overall login attempts, local login attempts and federated login attempts as shown above.
- If you want to view information relating to overall login attempts, click OVERALL in the left navigator to open the page with the relevant statistics. The same page can be opened by clicking See More under Overall Login Attempts. For detailed information about analyzing overall login attempts, see see Analyzing Statistics for Overall Login Attempts.
- If you want to view information relating to local identity providers, click LOCAL tab under the LOGIN ATTEMPTS in in the left navigator. Local login attempts include all login attempts which are done through resident IDP. These statistics will give an idea on the involvement of resident IDP in an authentication flow.The same page can be opened by clicking See More under Local Login Attempts. For detailed information about analyzing local login attempts, see Analyzing Statistics for Local Login Attempts.
- If you want to view information relating to federated identity providers, click FEDERATED tab under under the LOGIN ATTEMPTS in the left navigator. Federated login attempts include all login attempts which are done through federated IDP. These statistics will give an idea about the authentication steps took place via federated identity providers.The same page can be opened by clicking See More under Federated Login Attempts. For detailed information about analyzing federated login attempts, see Analyzing Statistics for Federated Login Attempts.
If you want to view information relating to sessions, click SESSIONS in the left navigator. For detailed information about analyzing sessions, see Analyzing Statistics for Sessions.
Using the Security Analytics dashboard
The following sections explain common functions of the Security Analytics dashboard.
Viewing statistics for a selected time interval
At any given time, each page in the dashboard displays the statistics for a selected time interval.
- If you want to view statistics for a pre-defined time interval, click on the relevant time interval (e.g., Last 24 Hours).
- If you want to define a custom time interval, click Custom and select the start and end dates of the required time interval in the calendar that appears. Then click Apply.
When you select Last Hour as the time interval for which statistics are to be displayed, all the gadgets except data tables are updated in about 1 minute. When the time interval selected is greater than one hour, the same gadgets are updated in 5 minutes. This is because the relevant Spark scripts need to be executed in order to update the gadgets.
The data tables in each page are updated instantly.
Working with filters
The Security Analytics dashboard allows you to add filters that allow you to update multiple gadgets in a given page to display information relating to a selected criteria.
A filter can be added only to gadgets with a Search field together with the Add Filter button.
- Access the
Security Analyticsdashboard as explained under Accessing the Security Analytics dashboards.
- Click Local in the left navigator to open the page displaying statistics for local login attempts.
- In the Search field on the By Role gadget, enter
adminand then click Add Filter as demonstrated below.
This results in all the gadgets in the page except the By Role gadget (to which the filter was added) being updated to display only information relating to the
- To remove a filter already applied to a filter, click the close (i.e. x) sign in the relevant Search field as shown below.