This section in the ARMO portal provides the system statistics, main alerts, logs, and data.
The information provided in the dashboard allows an understanding of the current status of ARMO protected components and the system in general.
The sections and sub-sections in the Dashboard main page:
|Parameter(s) Image||Parameter Name||Description|
|Registered Clusters||Shows the number of currently registered or configured clusters in the system. The clusters are listed based on the cluster name defined by the user during the ARMO deployment cluster registration procedure|
|Active Clusters||Shows the number of clusters up and running (active) in the system, and connected to ARMO SaaS|
|Namespaces||Shows the number of non-empty namespaces across all clusters defined in the system|
|Active Namespaces||Shows the number of active namespaces across all clusters defined in the system|
|Active Workloads||Shows the number of running workloads in the system across all clusters defined in the system|
|Number of Instances||Shows the number of running instances across all running workloads in all clusters defined in the system|
|Incident Log||Shows the latest incidents in the system based on the following sorting options: Sort by Time, Sort by Type of alerts, and Sort by Severity of alerts. You can further investigate the alerts by selecting the incident listing to reach the full data in Incidents section.|
|Alert Statistics||Shows the frequency of alert severities based on the latest 500 incidents. You can further investigate the status data on the level of Incident Log or Incidents section. Select the status listing links in the diagram to reach the full data.|
I dont think it is the last 500 - it shoudl be all the incidents
| Workload status | Shows the workload status data of the entire system. You can further investigate the status data on the level of Incident Log or Incidents section. Select the status listing links in the diagram to reach the full data.
| Alerts Over Time | Alerts Over Time graph shows the entire system alerting data over a certain timeline. You can further investigate the status data on the level of Incident Log or Incidents section. Select the status listing links in the diagram to reach the full data.
The following parameters are not viewable in the system I'm connected to: Number of Workloads
The following parameters won't be mentioned: Registered DC, Active DC, Registered Projects, Active Projects
Please note that INCIDENT LOG listing format (All capitals) is different from the other parameters and sections listing
Please note that attributes listing format (no capital A) is different from the other parameters and sections listing
Please note that Alert(s) Statistics is miswritten. It should be Alert Statistics
Please note that it is preferably best to show statistics of a stable system for the graphs: Alert Statistics, Workload Status and Alerts Over Time: 90% low, 4% medium and 1% high (or less)
The data shown in the section can be filtered by selecting the various components to better define your system Scope. By filtering the various components:
|Severity||Description||Alert Level||Related workload Status|
|Info||Defines the events consisting mainly of information regarding the system status||Event||Signed, Attached|
|High||Defines the alerts addressing actions or behaviors which indicate an actual compromising risk that affects the system workloads||Critical||Compromised|
|Low||Defines the alerts addressing actions or behaviors which indicate low-risk events that affect the system workloads||Warning||Signed, Attached|
|Medium||Defines the alerts addressing actions or behaviors which may indicate a problem or a risk that can affect the system workloads||Serious||Unattached|
The statistics shown in the diagram are based on information collected within the timeline of (?) hours.
The data listed regarding the number of alerts shown under Medium or High definition indicates a problem that needs to be investigated on the level of Incident Log or Incidents section. The investigation allocates the actual troublesome behavior occurring and the root cause for it.
what is the timeline based on which the data is presented
missing image of Alert Statistics for a stable system: 90% low, 4% medium and 1% high
What is Alert Level? why is low before medium? why we need related workload status?