Use Cases for Dashboard

After Lucidum has ingested data, you can view dashboards and charts in the Dashboards page. These dashboards and charts provide insights into your environment.

This chapter will show some common use cases for dashboards.

For more use cases and dashboards, see the manual on Use Cases.

All Assets and All Users #

Lucidum finds uses connected data sources and machine learning to find all devices, all users, all data and correlates them.

This dashboard provides an overview of the assets and users in your environment. You can drill down in this dashboard to see details about assets and users.

This dashboard displays:

• All assets by type

• List of all servers and VMs

• List of all workstations

• List of mobile devices

• List of containers and microservices

• All assets by data source

• All users by department

• All users by location

• All users by manager

Assets Not Managed in Active Directory or LDAP #

This dashboard displays assets that have been found by Lucidum yet are not managed by Active Directory. In this dashboard, assets that are not in Active Directory are considered “unknown”.

The dashboard displays:

• Count of all unknown assets.

• Unknown assets and their known risks

• Unknown assets without endpoint protection

• Unknown assets with critical vulnerabilities

• Unknown assets with high vulnerabilities

• Unknown assets with critical CVEs

• Unknown assets and the services that are listening on those assets

• Unknown assets that are accessing files in the environment

• Unknown workstations without VPN

• Unknown assets by type

• Unknown assets by department

Assets without an Endpoint Agent #

Here is a dashboard for a customer who uses Crowdstrike Falcon for endpoint management and security. This dashboard shows all assets where Crowdstrike Falcon is not installed.

The dashboard includes charts for:

• Assets without Crowdstrike by function (endpoint or network)

• Assets without Crowdstrike by type (server, workstations, firewall, etc.)

• Workstations without Crowdstrike

• Assets without Crowdstrike by department

• Assets without Crowdstrike by operating system

Assets without Encryption #

 Here is a dashboard about all assets with unencrypted data storage. This is especially useful for organizations working on SOC-2 compliance.

The dashboard includes charts for:

• Unencrypted assets by type

• Encrypted assets by type

• Unencrypted assets by location

• Unencrypted assets by manager

• Users whose assets are not encrypted

Assets with End-of-Life Operating Systems #

This dashboard displays information about assets running operating systems that are no longer supported by the operating system vendor. Therefore, the vendor no longer releases security patches for these operating systems.

This dashboard includes charts for:

• All Windows assets, sorted by OS version

• Windows assets using EOL operating systems

• All Macintosh assets, sorted by OS version

• Macintosh assets using EOL operating systems

• Windows assets using EOL operating systems, by owner

• Windows assets using EOL operating systems, by manager

• Windows assets using EOL operating systems, by owner

• Windows assets using EOL operating systems, by manager

• Macintosh assets using EOL operating systems, by owner

• Macintosh assets using EOL operating systems, by manager

Disabled Users (Zombies) #

Here’s a dashboard about users who have been disabled in Active Directory but still appear active in the environment. These accounts are known as zombie accounts and create a security risk.

This dashboard includes charts for:

• All users who have been disabled in Active Directory

• All users who have been disabled in Active Directory yet have been seen in the environment in the last 5 days

• All users who have been disabled in Active Directory yet have accessed files in the environment in the last 5 days

• All users who have been disabled yet have logged in to the VPN in the last 5 days

• All users who have been disabled in Active Directory and whose accounts allow access to secure assets

• All users who have been disabled yet have logged in to the VPN in the last 5 days and whose accounts have access to secure assets

Viewing Details in a Chart #

You can click on a chart and get details about the data in the chart.

1. For example, suppose a dashboard includes this chart:

   

2. Clicking on the slice “Value not exist” drills down and provides more details about that slice.

   

3. We can now see that there are 26 assets without a value for “asset type”.

4. Clicking on Edit filters and then Show Result displays the details about all the assets with no value for “asset type”. You can click the Edit Column button to display more columns or a different set of columns.

   

5. Clicking the blue > leads to the Details page, where you can view more information about a specific asset:

   

6. Clicking on a link on the left displays a different category of information about the asset.

You can also drill down into charts about users.

1. For example, suppose a dashboard includes this chart:

   

2. Clicking on the bar “Security” drills down and provides details about that bar.

   

3. We can now see that there are 96 users in the security department.

4. Clicking on Edit filters and then Show Result displays the details about all the users in the security department. You can click the Edit Column button to display more columns or a different set of columns.

   

5. Clicking the blue > leads to the Details page, where you can view more information about a specific user:

   

6. Clicking on a link on the left displays a different category of information about the user.