Hi Sandesh,
How about the following use cases? They may be helpful considering the employees are using VPN to access the organizational assets.
- Top 10 WFH Users, Tunnel and Group
query: norm_id=* label=ssl label=vpn destination_address=* user=* tunnel_address=* group=* | chart count() by user, tunnel_address, group, destination_address order by count() desc limit 10
- Top 10 WFH User Access Data (Total MB)
query: norm_id=* label=ssl label=vpn destination_address=* user=* tunnel_address=* group=* sent_datasize=* received_datasize=* | chart sum(sent_datasize/1024/1024) as sentdataMB, sum(received_datasize/1024/1024) as receiveddataMB, sum((sent_datasize+received_datasize)/1024/1024) as TotaldataMB by user order by TotaldataMB desc limit 10
- WFH Login Attempts in Off Hours (say before 9 AM and after 5 PM)
query: label=ssl user=* label=login (hour(log_ts)<9 or hour(log_ts)>=17) | chart count() by log_ts, user
- Top 10 failed login in WFH connection
query: label=ssl label=login label=vpn label=fail user=* | chart count() by user order by count() desc limit 10
- Top 10 Successful login in WFH Connection
query: -("reason"="tunnel established") label=ssl label=vpn label=up user=* | chart count() by user order by count() desc limit 10
- WFH Login Location
query: label=vpn label=ssl source_address=* | process geoip (source_address) as country, region, city, latitude, longitude, time_zone | chart count() by country, region, city, latitude, longitude, time_zone order by count() desc limit 10 | filter country=*
- SSL VPN Action
query: label=ssl label=vpn action=* | rename action as "VPN Action" | chart count() by "VPN Action"
- VPN Status Overview
query: label=VPN status=* | chart count() by status order by count() desc limit 10
- Number of Devices Used for WFH login
query: label=vpn label=ssl source_address=* | chart distinct_count(device_id) as DC by user
Similarly, depending on the other sources you have (firewall, TI feed), you could think of:
- Top 10 Application Categories in Use
- Top 10 Destinations Reached from WFH
- Top 10 Blocked Sites
- Operating System Used for Connection
- No. of Sessions in WFH System in a Day
- No. of Active Connections in WFH System
- Public IP Used for WFH System
- Blacklisted IP Used for Connection (TI feed)
- Top Office Servers Reached from WFH
- User Session Duration in WFH
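The off-hour login, failed-login, data-volume and distinct-device logic from the queries above, rewritten as a small script so the rules can be checked against sample events. This is an added example, not code from the post or from LogPoint; the events, field names and device ids are constructed to mirror the normalized fields the queries use.

```python
from collections import Counter, defaultdict
from datetime import datetime

MB = 1024 * 1024

def ev(ts, user, labels, device, sent_mb=None, recv_mb=None):
    # Constructed normalized SSL VPN event; field names mirror the queries above.
    e = {"log_ts": ts, "user": user, "label": set(labels.split()), "device_id": device}
    if sent_mb is not None:
        e["sent_datasize"], e["received_datasize"] = sent_mb * MB, recv_mb * MB
    return e

# Constructed sample data, not real logs.
EVENTS = [
    ev("2020-04-01T08:15:00", "alice", "ssl vpn login up", "dev-a1", 20, 80),
    ev("2020-04-01T10:30:00", "alice", "ssl vpn login up", "dev-a1", 10, 40),
    ev("2020-04-01T18:05:00", "bob", "ssl vpn login fail", "dev-b1"),
    ev("2020-04-01T18:06:00", "bob", "ssl vpn login fail", "dev-b1"),
    ev("2020-04-01T18:07:00", "bob", "ssl vpn login up", "dev-b2", 5, 15),
    ev("2020-04-01T13:00:00", "carol", "ssl vpn login fail", "dev-c1"),
    ev("2020-04-01T17:00:00", "carol", "ssl vpn login up", "dev-c1", 1, 3),
]

def off_hours_logins(events, start=9, end=17):
    """Login attempts before `start` or at/after `end` (hour(log_ts)<9 or >=17)."""
    return [(e["log_ts"], e["user"]) for e in events
            if "login" in e["label"]
            and not start <= datetime.fromisoformat(e["log_ts"]).hour < end]

def failed_logins_by_user(events, limit=10):
    """Top failed VPN logins per user, most frequent first."""
    return Counter(e["user"] for e in events if {"login", "fail"} <= e["label"]).most_common(limit)

def data_mb_by_user(events, limit=10):
    """(user, sent MB, received MB, total MB) sorted by total, like the data query."""
    totals = defaultdict(lambda: [0.0, 0.0])
    for e in events:
        if "sent_datasize" in e:
            totals[e["user"]][0] += e["sent_datasize"] / MB
            totals[e["user"]][1] += e["received_datasize"] / MB
    rows = [(u, s, r, s + r) for u, (s, r) in totals.items()]
    return sorted(rows, key=lambda r: r[3], reverse=True)[:limit]

def devices_by_user(events):
    """Distinct device count per user (distinct_count(device_id) by user)."""
    seen = defaultdict(set)
    for e in events:
        seen[e["user"]].add(e["device_id"])
    return {u: len(d) for u, d in seen.items()}
```

Note that the off-hour rule counts failed attempts too, matching label=login in the query; the 17:00 event lands in off hours because the boundary check is hour>=17.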