InsightVM Release Announcement: Global Dashboard Filters

InsightVM users have been able to create dashboards, add different visualizations in the form of cards and apply filters to these cards. Rapid7 also provided dashboard templates which enabled users to create views focusing on scenarios such as Microsoft's Patch Tuesday, identifying and assessing Remote assets, highlighting changes in their environment in the last 30 days and many more.

Before today, you would have to apply queries to individual cards to focus these visualizations on particular assets or vulnerabilities - like focusing all of the cards in a dashboard on servers running Ubuntu. InsightVM provides an easy and powerful means to create these filters, but this was cumbersome if a dashboard contained numerous cards.

This is why we're happy to announce the release of the ability to apply a query to a dashboard and all of the cards will now adjust the results accordingly. To illustrate this, let's consider a hypothetical InsightVM user named Dana.

Dana is a security engineer at a rapidly expanding, global organization. This company regularly adds new offices around the world. Every office requires new servers and networks, and these assets need to be secured.

Dana's first task when a new office is acquired is to create a dashboard for each new location using the Significant Changes in the Past 30 Days template. She finds this helps her keep up with changes in the risk posture of their environments. However, every time she creates one of these dashboards, she needs to add a filter to each of the 14 cards to focus on the office for which it's intended. This task can take up to an hour, which is time she would rather spend on securing her environment.

This release allows Dana to build a query that filters assets for the new office, create the dashboard from the template, and apply the query to the dashboard. All of the cards will focus on the intended location. This whole process takes about five minutes as opposed to 30 minutes and she is now free to turn their attention back to remediating vulnerabilities.

It's worth noting that Dana is still able to filter cards, but the introduction of global dashboard filtering creates a situation where drilling into specific view is shaped by the filters applied in subsequent views. One can think of this as nested scoping of views within InsightVM.

Nested scoping

Let's lean on our previous example with Dana. She wants to create a view that accounts for all of the Windows 10 assets in their environment.

She creates a new dashboard using the Significant Changes in the Last 30 Days template and applies a dashboard query that filters for all Windows 10 assets. All of the cards in that dashboard will now reflect the results from that query.

Dana then navigates to the expanded view of the Total Asset Trends card. The results here would be filtered by the card query introduced by the template and the dashboard filter introduced by the user.

This view can further be refined by loading a query at the card level. In this example, let's suppose Dana is interested in ICMP vulnerabilities and loads a query that filters for this.

When Dana navigates to one of the assets listed in this view, the result will respect all subsequent filters. In this example, that would include: the dashboard template filter, the dashboard filter and the card query - that is, the ICMP vulnerabilities on a Windows 10 asset added within the last 30 days.

You can see that these changes provide the ability to greatly focus views into your environment.

Changes in the Dashboard Card Filtering Experience

Readers familiar with the previous card filtering experience will notice that we loaded a query into this example, but there was no in-card query builder. The addition of nested scoping complicates the filtering experience and as Spiderman's Uncle Ben once said, 'With great power comes great responsibility.'

We've changed the experience to allow customers to create and save queries in the query builder and load those into the cards as opposed to creating ad hoc queries because we found this created confusion in further refining a scope to several previous scope constraints.

While we understand that this change will require some adjustments to your workflows, we are confident that the additional functionality of globally filtered dashboards are well worth the effort.