You can configure the Threat Activity Map widget to show a specific date range, add or remove the Legend, and determine whether the map displays Origin and Impacted information.
To configure the widget's settings:
- Hover your mouse over the widget and click the Settings icon.
A blue border appears around the widget and the Inspector panel opens on the right.
- In the Inspector panel, do any of the following:
- Click in the Title field and type a new title.
- In the Cluster Status section, view the status of the cluster.
- Blue. The data is current.
- Yellow. The data has partially loaded.
- Red. The data is not loading.
If your deployment has multiple clusters and one or more go down, the Cluster Status section shows the number of clusters that are not responding.
- In the Date Range field, type the number of hours for which you want to pull data.
The maximum number of hours you can enter is 48.
- Select or clear the Toggle Legend check box.
If the box is selected, the Legend appears on the map. If the box is cleared, the Legend disappears.
- Select or clear the Origin and/or Impacted check boxes.
When a box is checked, the color-coded information appears in the nodes on the map. When a box is cleared, the color-coded information disappears. Any, all, or none of the boxes can be checked.
- In the Filter section, create and apply filters.
Use the lists to set the parameters of the filter. Choose from the following operators:
- All of the Following or Any of the Following
- is or is not
To add a filter, click +Filter, select a filter from the list, then click the value field and select the appropriate filter item. To include more than one filter term for a particular filter, click the Plus icon to the right of the value field.
Click Apply to update the filter and Threat Activity Map display.
The Threat Activity Map currently supports filters only for the following metadata fields: Priority, Common Event, Classification, Entity (Impacted), Log Source Type, MPE Rule Name, User Origin, User Impacted.