Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Reporting Administration > Configuring Dashboard reporting data
Configuring Dashboard reporting data
Administrator Help | Forcepoint Web Security and Forcepoint URL Filtering | v8.5.x
Use the Settings > Reporting > Dashboard page to configure the maximum time period that can be shown in elements of the Threats, Risks, Usage, and System dashboards.
If you have Forcepoint Web Security, also configure whether to create a forensics repository for storing data about files associated with suspicious threat activity in your network.
Configuring the maximum time period for dashboard charts
By default, charts, counters, and tables on all tabs of the Status > Dashboard page show a maximum of 30 days of data. This limit was chosen to minimize the amount of time it takes to load the Dashboard, optimize Forcepoint Security Manager overall performance, and reduce load on the Log Database.
With Standard and Enterprise versions of Microsoft SQL Server, you can configure dashboard charts to show a longer time period. Extending the maximum time period, however, may have serious performance impacts for both the Security Manager and the Log Database.
*
*
*
*
*
*
*
Note that data may not always be available for the full period selected. If your web protection solution has only been installed for 7 days, for example, 30-day reports show data for only the 7 days that policy enforcement has occurred.
Threats dashboard sample data
If you would like to see examples of the types of data that can appear on the Threats dashboard without generating potentially dangerous network traffic, you can import sample data.
Because the sample data is loaded into the Log Database, where it is mixed with any real data generated in your network, it is best to load the sample data only in a test or evaluation environment.
To clearly flag the sample data, each of the users in the sample database is assigned the middle name Demo (for example, Sam Demo Smith and Lisa Demo Brady). In addition, the timestamp on the user activity predates the creation of the Log Database partition holding the data. Note that the sample data is intended for import soon after installing the product. If too much time has elapsed since the installation, a message displays, advising that the data has expired and cannot be loaded.
To load sample data into the database, click Sample Data, then click Import Sample Data. When you click OK and Save and Deploy, the data is loaded into the Log Database. After a few seconds, the Threats dashboard is updated to show the new data.
Configuring forensics data storage
In Forcepoint Web Security deployments, threat-related forensic data can include:
*
*
*
*
If you enable storage of forensics data, also specify where the forensics repository (a specialized database) is stored, the maximum size to which the database can grow, and how long to store forensics data.
1.
Under Incident Data for Forensic Investigation, mark Store forensic data about Threats incidents for further investigation to create the forensics repository.
If your deployment includes Forcepoint DLP, this new forensics repository is similar to that product's forensics repository. The smaller repository used by web protection components stores information about only those incidents displayed on the Threats dashboard.
2.
Indicate whether to store forensics details for Blocked requests only, or for All requests (both blocked and permitted).
3.
Specify the Path to the location that will host the forensics repository.
*
*
*
4.
*
Select Use Local System account if neither network access nor special permissions are required to access the directory.
*
Select Use this account to use a domain account, then enter User name, Password, and Domain for the account.
Click Test Connection to verify that the selected account can access the forensics repository location.
5.
To specify how large the forensics repository can grow, enter a Maximum size in GB (default 20) for the forensics repository.
*
*
When the maximum size is reached, or records reach the age limit specified for Threats data, records are automatically purged from the repository.
6.
Click OK to cache your changes. Changes are not implemented until you click Save and Deploy.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Reporting Administration > Configuring Dashboard reporting data
Copyright 2018 Forcepoint. All rights reserved.