Skip to main content
Skip table of contents

Endpoint Security Dashboards

The pre-built Value-Oriented Dashboards include the following endpoint security dashboard:

  • Cloud Tagging Enforcement. Tagging is the process of using a consistent, descriptive naming strategy for cloud instances. This dashboard displays instances that are not properly tagged and provides statistics about the tags in use.

  • Endpoint Management. This dashboard displays information about assets that are not running an endpoint agent.

Required Connectors

To find all the assets in your environment and all the endpoint security solutions in your environment, Lucidum recommends you configure Lucidum connectors for:

  • The Endpoint Management solutions in your environment (for example, Jamf, Intune, Citrix Endpoint Management, Symantec Endpoint Management, Hexnode)

  • The Endpoint Protection solutions in your environment (for example, Trellix Endpoint Security, Symantec Endpoint Protection, SentinelOne, Crowdstrike Falcon, Microsoft Defender for Endpoint )

  • The Endpoint Detection and Response solutions in your environment (for example, SentinelOne, Falcon Crowdstrike, Trend Micro XDR, Check Point Harmony Endpoint, Cortex XDR)

  • The cloud security solutions in your environment for cloud assets (for example, Netskope, Illumio Core, Orca, http://Tenable.io , Trend Micro Cloud One, Sophos Central)

  • The Mobile Device Management solutions in your environment (for example, Addigy, Citrix Endpoint, Jamf Pro, Kandji)

  • The directory solutions in your environment (For example, Azure AD, Microsoft AD, Jump Cloud, PingOne, OpenLDAP,)

  • The DHCP solutions in your environment (For example, Infoblox, Efficient IP, BlueCat)

  • The VPN solutions in your environment (For example, Cisco AnyConnect, FortiClient, Palo Alto VPN, Citrix Gateway, Zscaler Private Access)

  • The cloud solutions in your environment (for example, AWS, Azure, Google Cloud, Oracle Cloud)

Cloud Tagging Enforcement

Tagging is the process of using a consistent, descriptive naming strategy for cloud instances. The Cloud Tagging Enforcement dashboard displays instances that are not properly tagged and provides statistics about the tags in use.

The Cloud Tagging Enforcement dashboard looks like this:

Base Query

Most of these charts use the base query:

Lucidum_VOD_Cloud_Compute match Yes AND Tag::Key exists

Lucidum_VOD_Cloud_Compute is a Dynamic Field. Dynamic Fields are shortcuts for more complex queries. Lucidum_VOD_Cloud_Compute is a shortcut for this query:

Cloud Asset (yes/no) == Yes AND Asset Type == VM

This means that Lucidum_VOD_Cloud_Compute matches “yes” when an asset is a cloud asset and additionally, that asset is a cloud asset of type “VM”.

So the complete query is:

Cloud Asset (yes/no) == Yes AND Asset Type == VM AND Tag::Key exists

This means that matching assets are cloud assets, of type VM, and have a tag.

If you wanted to create a dashboard for a different type of cloud instance, you can supply a different asset type in the query. To view all Asset Types in your Lucidum system, in the Query Builder, select Asset Type. The value field includes a list of available Asset Types to choose from.

Charts

To view details about each chart, click the pencil icon (

).

  • Total Compute Instances. Displays a count of all compute instances across all clouds in your environment.

    • This chart uses the query Lucidum_VOD_Cloud_Compute match Yes

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart does not use an additional filter.

    • The Chart Type is “Big Number.

  • Top-n Tags in Use for EC2 Instances. This chart displays the top nine types of tags in use for EC2 instances.

    • This chart uses the query Lucidum_VOD_Cloud_Compute match Yes AND Image Tag::Key exists. This query looks for cloud instances of type VM that were built with an image with a built-in tag.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter count Lucidum Asset Name by Tag::Key

    • The Chart Type is “Bar”.

  • Top-n Instance Owners for EC2 Instances. This chart displays the top five owners for EC2 instances.

    • This chart uses the query Lucidum_VOD_Cloud_Compute match Yes AND Tag::Key match Owner. This query looks for cloud instances of type VM that includes a Tag/Key pair for owner

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter count Lucidum Asset Name by Tag.Value

    • The Chart Type is “Pie”.

  • Completely Untagged Instance. This chart displays cloud assets with no tags.

    • This chart uses the query Lucidum_VOD_Cloud_Compute match Yes AND Tag not meet all: Key exists. This query looks for cloud instances of type VM that where no Tag/Key pairs exist.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter count Tag:: Key by Lucidum Asset Name

    • The Chart Type is “Table”.

  • EC2 Instances Missing Name Tags. This chart displays cloud assets without name tags.

    • This chart uses the query Lucidum_VOD_Cloud_Compute match Yes AND Tag::Key not match Name. This query looks for cloud instances of type VM that do not include a Tag/Key pair for name.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter count Tag::Key by Lucidum Asset Name to display the instance name and the number of keys that do exist.

    • The Chart Type is “Pie”.

  • EC2 Instances Missing Owner Tags. This chart displays cloud assets without owner tags.

    • This chart uses the query Lucidum_VOD_Cloud_Compute match Yes AND Tag::Key not match Owner. This query looks for cloud instances of type VM that do not include a Tag/Key pair for name.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter count Tag::Key by Lucidum Asset Name to display the instance name and the number of keys that do exist for each instance name

    • The Chart Type is “Table”.

  • EC2 Instances Missing Status Tags. This chart displays cloud assets without status tags.

    • This chart uses the query Lucidum_VOD_Cloud_Compute match Yes AND Tag::Key not match Status. This query looks for cloud instances of type VM that do not include a Tag/Key pair for status.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter count Tag::Key by Lucidum Asset Name to display the instance name and the number of keys that do exist for each instance name.

    • The Chart Type is “Table”.

  • EC2 Instances Missing Cost Center Tags. This chart displays cloud assets without cost center tags.

    • This chart uses the query Lucidum_VOD_Cloud_Compute match Yes AND Tag::Key not match cost-center. This query looks for cloud instances of type VM that do not include a Tag/Key pair for cost center.

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter count Tag::Key by Lucidum Asset Name to display the instance name and the number of keys that do exist for each instance name.

    • The Chart Type is “Table”.

Endpoint Management Dashboard

The Endpoint Management dashboard displays information about assets that are not running an endpoint agent.

The Endpoint Management dashboard looks like this:

Base Query

Most of the charts in this dashboard use the following base query:

Endpoint Agent (yes/no) is not yes AND Asset Type is equal to VM OR Asset Type is equal to Workstation OR Asset Type is equal to Cloud.Compute OR Asset Type is equal to Servers OR Asset Type is equal to Virtual.Guest OR Asset Type is equal to Server OR Asset Type is equal to Workstations OR Asset Type is equal to Windows OR Asset Type is equal to MacMDM

This query searches for assets that do not have an endpoint agent and where the Asset Type is VM, Workstation, Cloud.Compute, Servers, Virtual.Guest, Server, Workstations, Windows, or MacMDM. These are all the types of endpoint in our example system.

If you wanted to create a dashboard for a different set of endpoints, you can supply one or more different asset types in the query or delete one or more asset types in the query. To view all Asset Types in your Lucidum system, in the Query Builder, select Asset Type. The value field includes a list of available Asset Types to choose from.

Charts

To view details about each chart, click the pencil icon (

).

  • Endpoint Agent Missing: Compute Assets. This chart displays a count of all endpoints without endpoint agents.

    • This chart uses the query Endpoint Agent (yes/no) is not yes AND Asset Type is equal to VM OR Asset Type is equal to Workstation OR Asset Type is equal to Cloud.Compute OR Asset Type is equal to Servers OR Asset Type is equal to Virtual.Guest OR Asset Type is equal to Server OR Asset Type is equal to Workstations OR Asset Type is equal to Windows OR Asset Type is equal to MacMDM

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart does not use an additional filter.

    • The Chart Type is “Big Number.

  • Data Sources of No-Endpoint-Agent Devices. This chart displays all endpoints without endpoint protection and also displays the data sources associated with these endpoints.

    • This chart uses the query Endpoint Agent (yes/no) is not yes AND Asset Type is equal to VM OR Asset Type is equal to Workstation OR Asset Type is equal to Cloud.Compute OR Asset Type is equal to Servers OR Asset Type is equal to Virtual.Guest OR Asset Type is equal to Server OR Asset Type is equal to Workstations OR Asset Type is equal to Windows OR Asset Type is equal to MacMDM

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter count Lucidum Asset Name by Data Sources

    • The Chart Type is “Bar”.

  • Locations of No-Endpoint-Agent Devices. This chart displays the locations for all devices without endpoint protection.

    • This chart uses the query Endpoint Agent (yes/no) is not yes AND Asset Type is equal to VM OR Asset Type is equal to Workstation OR Asset Type is equal to Cloud.Compute OR Asset Type is equal to Servers OR Asset Type is equal to Virtual.Guest OR Asset Type is equal to Server OR Asset Type is equal to Workstations OR Asset Type is equal to Windows OR Asset Type is equal to MacMDM

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter count Lucidum Asset Name by Location

    • The Chart Type is “Bar”.

  • Departments of No-Endpoint-Agent Devices. This chart displays the departments associated with devices without endpoint protection.

    • This chart uses the query Endpoint Agent (yes/no) is not yes AND Asset Type is equal to VM OR Asset Type is equal to Workstation OR Asset Type is equal to Cloud.Compute OR Asset Type is equal to Servers OR Asset Type is equal to Virtual.Guest OR Asset Type is equal to Server OR Asset Type is equal to Workstations OR Asset Type is equal to Windows OR Asset Type is equal to MacMDM

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter count Lucidum Asset Name by Department

    • The Chart Type is “Bar”.

  • OS of No-Endpoint-Agent Devices. This chart displays the operating systems and versions associated with devices without endpoint protection.

    • This chart uses the query Endpoint Agent (yes/no) is not yes AND Asset Type is equal to VM OR Asset Type is equal to Workstation OR Asset Type is equal to Cloud.Compute OR Asset Type is equal to Servers OR Asset Type is equal to Virtual.Guest OR Asset Type is equal to Server OR Asset Type is equal to Workstations OR Asset Type is equal to Windows OR Asset Type is equal to MacMDM

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter count Lucidum Asset Name by OS and Version

    • The Chart Type is “Bar”.

  • Asset Types of No-Endpoint-Agent Devices. This chart displays the asset types associated with devices without endpoint protection.

    • This chart uses the query Endpoint Agent (yes/no) is not yes AND Asset Type is equal to VM OR Asset Type is equal to Workstation OR Asset Type is equal to Cloud.Compute OR Asset Type is equal to Servers OR Asset Type is equal to Virtual.Guest OR Asset Type is equal to Server OR Asset Type is equal to Workstations OR Asset Type is equal to Windows OR Asset Type is equal to MacMDM

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter count Lucidum Asset Name by Asset Type

    • The Chart Type is “Bar”.

  • Vendors of No-Endpoint-Agent Devices. This chart displays the vendors associated with devices without endpoint protection.

    • This chart uses the query Endpoint Agent (yes/no) is not yes AND Asset Type is equal to VM OR Asset Type is equal to Workstation OR Asset Type is equal to Cloud.Compute OR Asset Type is equal to Servers OR Asset Type is equal to Virtual.Guest OR Asset Type is equal to Server OR Asset Type is equal to Workstations OR Asset Type is equal to Windows OR Asset Type is equal to MacMDM

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter count Lucidum Asset Name by Vendor

    • The Chart Type is “Bar”.

  • Risk Level of No-Endpoint-Agent Devices. This chart displays the risk level for the devices without endpoint protection.

    • This chart uses the query Endpoint Agent (yes/no) is not yes AND Asset Type is equal to VM OR Asset Type is equal to Workstation OR Asset Type is equal to Cloud.Compute OR Asset Type is equal to Servers OR Asset Type is equal to Virtual.Guest OR Asset Type is equal to Server OR Asset Type is equal to Workstations OR Asset Type is equal to Windows OR Asset Type is equal to MacMDM

    • The Summary further filters and organizes the query results (set of additional fields for each Lucidum Asset Name that matches the query) for display in the chart. This chart uses the additional filter count Lucidum Asset Name by Risk Level

    • The Chart Type is “Bar”.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close