AssetView Dashboards

Document created by Ian Glennon Employee on Jan 14, 2016Last modified by Robert Dell'Immagine on Jan 15, 2016
Version 8Show Document
  • View in full screen mode

I have been putting together some dashboards to highlight the ways data can be sliced and diced for different audiences and I'm documenting my work here so others can replicate it and/or offer suggestions.  As I update my dashboards I'll update this post.


Executive View

This view consists of high-level views of assets by OS, tags and manufacturer.  It also lists web services with sev 4 or 5 vulnerabilities, both public and internal.  Finally it lists all End of Life operating systems (XP, Windows 2000 and Vista).


For the distinction between Public and Private assets I use a dynamic asset tag named 'Internal Assets'.  I used the 'IP Address In Range(s)' rule with the addresses '', '' and '' as defined in RFC1918.


Dashboard LineWidget TitleQueryTypeShow Legend

Categories / Rows

Regroup by / Columns

1Vulnerable Assets by Operating System(vulnerabilities.vulnerability.severity:4 or vulnerabilities.vulnerability.severity:5)PieYoperatingSystem
1Vulnerable Assets in Policy Compliance Scope(vulnerabilities.vulnerability.severity:4 or vulnerabilities.vulnerability.severity:5) and activatedForModules:PCPieYoperatingSystem
2Vulnerable Assets by Tag(vulnerabilities.vulnerability.severity:4 or vulnerabilities.vulnerability.severity:5)PieYtags.Name
2Vulnerable Assets by Manufacturer(vulnerabilities.vulnerability.severity:4 or vulnerabilities.vulnerability.severity:5)PieYsystem.Manufacturer
3Public Web Services with Critical Vulnerabilities(not`Internal Assets`) and (openPorts.port:80 or openPorts.port:443) and (vulnerabilities.vulnerability.severity:4 or vulnerabilities.vulnerability.severity:5)Tableinterfaces.hostname
3Private Web Services with Critical`Internal Assets` and (openPorts.port:80 or openPorts.port:443) and (vulnerabilities.vulnerability.severity:4 or vulnerabilities.vulnerability.severity:5)Tableinterfaces.hostname
4End of Life Operating SystemsoperatingSystem: XP or operatingSystem:`Windows 2000` or operatingSystem: VistaTableoperatingSysteminterface.hostname



Operations View

This view consists of asset data as it relates to operational teams.  It contains views of patchable assets, both in list and pie-chart form, and a list of servers pending reboot.  I included a count of the servers pending reboot to make it clear when there is no data to report in the list to eliminate confusion when 'query returned no results' is displayed - this is the same error presented when the query times out and when the query succeeds but contains no data.  Finally it lists assets with malicious software identified.


Dashboard LineWidget TitleQueryTypeShow LegendCategories / RowsRegroup by / Columns
1Patchable Assets by OS(vulnerabilities.vulnerability.severity:4 or vulnerabilities.vulnerability.severity:5) and vulnerabilities.vulnerability.patchAvailable:truePieYoperatingSystem
1Patchable Assets(vulnerabilities.vulnerability.severity:4 or vulnerabilities.vulnerability.severity:5) and vulnerabilities.vulnerability.patchAvailable:trueTableinterfaces.hostnameinterfaces.address
2Assets Pending Reboot Countvulnerabilities.vulnerability.qid:90126Count
2Assets Pending Rebootvulnerabilities.vulnerability.qid:90126Tableinterfaces.hostnameinterfaces.address
3Assets with Malicious Softwarevulnerabilities.vulnerability.compliance.description: 'malicious software'Tableinterfaces.hostnameinterfaces.address



Control / Configure a Dashboard

If you have AssetView available to your subscription (visible in the module drop-down list as AssetView, not Asset Management) you can see the default dashboard named 'Asset Overview'.  Additional dashboards can be created under the 'Actions' menu button just below the dashboard name and selecting "Create New Dashboard".  Adding widgets to the dashboard is simply a case of clicking the 'Add Widget' button, next to the 'Actions' button.


The following screenshot shows both the Actions and Add Widget buttons in the AssetView module.





Paring Down the Query Results

You can use the boolean logic capability of AssetView to combine different 'not' queries to reduce the number of returned results and therefore more accurately define a particular category.  For example with the Malicious Software widget, which uses a compliance category value, you can add another search to exclude all those with a category of "Security Policy".


... and (not vulnerabilities.vulnerability.category: "Security Policy")


For more a more fine-grained approach you can also exclude specific QIDs, of course, with


... and (not vulnerabilities.vulnerability.qid: 105103)

1 person found this helpful