REAL-TIME ALERT DASHBOARDS
See what the SOC sees and view the real-time alerts our U.S.-based cybersecurity analysts are investigating.
In an effort to safely give our customers more insight into the Blueshift True XDR platform, we have developed a system based on the Grafana observability platform.
This platform allows us to securely send a subset of data from the on-premise Blueshift True XDR systems to a cloud-hosted, multi-tenant dashboarding system that our customers can access via the Internet. All data sent to this platform is encrypted, and the system is monitored by the Blueshift SOC. Access to the platform is granted only through Blueshift’s Keycloak identity management system, and 2-factor authentication via OTP is required for access.
The types of data we send to this system are:
We utilize this data for the purpose of improving the overall security posture of the customer and providing valuable insights into their networks and security environment.
By creating these sub-data sets, customers can gain visibility into what alerts our SOC is seeing and other information about their environment (and their customers’ environments, if they are an MSP or MSSP), without having to look at the complex forensic-level data we store in the on-premise system.
This is an optional service – customer data is not sent to this system by default and customers need to request that this service be set up and enabled.
Click here to email Blueshift Support to request access, or complete the form at the bottom of this page.
Step 1: You will be sent an encrypted note that has your initial access credentials for our Keycloak Identity Access Management system. Please log in with those credentials at this screen:
Step 2: The system will ask you to change your password and set up OTP 2-factor authentication using a mobile app such as Google Authenticator:
Android: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_US
Apple: https://apps.apple.com/us/app/google-authenticator/id388497605
Setting up OTP 2-factor authentication is required to use the system.
Step 3: To log into the system, go to https://graf.blueshiftcyber.com, and press the “Sign in with Keycloak” button. Direct logins to the system are disabled.
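For readers who run their own Grafana instance, the following grafana.ini excerpt shows one way to get the behaviour described in Step 3: the local login form is hidden, basic auth is off, and the only sign-in path is a Keycloak OpenID Connect client. This is an added example, not Blueshift’s configuration; the hostnames, realm name, client id and environment variable are placeholders.

```ini
# grafana.ini excerpt (added example, not Blueshift's configuration;
# hostnames, realm and client values below are placeholders)
[server]
root_url = https://grafana.example.invalid

[auth]
# hide the username/password form so only "Sign in with Keycloak" is offered
disable_login_form = true
# set to true to skip the button and redirect straight to Keycloak
oauth_auto_login = false

[auth.basic]
# no HTTP basic-auth logins against the Grafana API
enabled = false

[auth.generic_oauth]
enabled = true
name = Keycloak
# create the Grafana user record on first OIDC login; the account itself
# still has to exist in Keycloak, which is where OTP is enforced
allow_sign_up = true
client_id = grafana-dashboards
# secret is read from the environment, not stored in the file
client_secret = ${GRAFANA_OAUTH_CLIENT_SECRET}
scopes = openid email profile
auth_url = https://keycloak.example.invalid/realms/customers/protocol/openid-connect/auth
token_url = https://keycloak.example.invalid/realms/customers/protocol/openid-connect/token
api_url = https://keycloak.example.invalid/realms/customers/protocol/openid-connect/userinfo
# keep certificate verification on for the identity provider
tls_skip_verify_insecure = false

[security]
cookie_secure = true
```

The second factor is not configured in Grafana at all: with this setup Grafana never sees a password, so the OTP requirement has to be enforced in the Keycloak realm’s browser authentication flow (for example by making OTP configuration a required action for every user). A quick check that the configuration took effect is that https://grafana.example.invalid/login shows only the Keycloak button and no username field.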
Step 4: This will bring you to the following login screen:
Step 5: Enter your username and password, and you will be presented with the OTP Screen:
Step 6: Enter the one-time code from your Authenticator App and you will be logged in and brought to the Alerts Dashboard.
The default screen is the Alerts Dashboard. The top shows statistical information on what is being sent to the system over the selected time period (you can change the time period in the top right-hand corner of the dashboard; it defaults to the last 24 hours):
- Total Deployed Agents
- Maximum Active Agents
- Maximum Disconnected Agents
- Total Protected Devices (the total devices seen by the system)
- Max Blocked Attacks (blocked deception attacks seen)
- Max Blocked Connections (blocked connections from the PCAP nodes in the environment)
After the statistics, it shows the alerts that are sent to our SOC for our team to analyze. The Red alerts are what we call “Actionable”, meaning that we need to investigate the source of those alerts. Many of these turn out to be false positives, but we look into each one, and when an alert is confirmed to be a false positive we can, in most cases, suppress it in the future.
The Blue Alerts are “Situational” Alerts, meaning we use these for situational awareness and context when looking at the “Actionable Alerts”.
You can see which systems are generating these alerts by clicking on the “>” sign on the left-hand side of the alert table:
If you would like to see the raw log of the alerts, you can click on the underlined “Detection” of the alert and see all the raw logs associated with that detection:
Clicking on the “>” sign next to the log entry shows the entire log:
By clicking on the “Dashboards” link at the top left, you can see the other dashboards in the system. We collect information about actionable vulnerabilities, which are vulnerabilities that:
If you click on “Vulnerabilities – Actionable” you will bring up this dashboard:
This dashboard shows the number of known exploited vulnerabilities and the number of other high risk vulnerabilities.
Just like with the alerts, you can expand the table to see the hosts that are affected by each vulnerability:
If you want more information on the particular vulnerability, you can click on the CVE and it will take you to detailed information on that CVE:
We are working on some additional dashboards (all detected vulnerabilities, detected remote access tools, detected cloud file sharing) and on integrating our AI analysts to give customers the ability to ask an AI Analyst for guidance on any alert in the system.
The AI systems are run and hosted by Blueshift, and we do NOT send customer security data to 3rd-party AI APIs such as ChatGPT.