Overview Dashboard

The Active Directory Overview dashboard contains information on monitored Active Directory events within the past three (3) hours. It has the following cards:

Overview Dashboard

Authentication Attacks – Number of authentication attacks that started in the specified timeframe, i.e., last three (3) hours. The value for this card is a hyperlink to the Authentication Attacks Dashboard.
AD Changes – Number of Active Directory changes recorded in the specified timeframe, i.e., last three (3) hours. The value for this card is a hyperlink to the AD Changes Dashboard.
GPO Changes – Number of group policy object changes recorded in the specified timeframe, i.e., last three (3) hours. The value for this card is a hyperlink to the GPO Monitoring Dashboard.
Administrator Events – Number of events related to Administrators that have been recorded in the specified timeframe, i.e., last three (3) hours. The value for this card is a hyperlink to the Administrator Auditing Dashboard.
Active Users – Number of distinct users who have been involved with events that have been recorded in the specified timeframe, i.e., past three (3) hours
Monitored Domains – Number of distinct domains involved with events that have been recorded in the specified timeframe, i.e., past three (3) hours
Threat Prevention Events – Timeline of all events sent by Threat Prevention to QRadar within the last three (3) hours
Attacks by Type – Breakdown of authentication attacks that started within the last three (3) hours by type of attack. See the Graph Card Features topic for additional information.
Active Directory Changes – Breakdown of Active Directory change events recorded in the specified timeframe, i.e., last three (3) hours. See the Graph Card Features topic for additional information.