In this installment of the Tips and Insights series, Dan Lewandowski discusses how to use Helix to build a custom PCI dashboard. These dashboards can be used for compliance or auditing purposes.
Hi, I’m Dan Lewandowski, Senior Systems Engineer here at FireEye, and today I’m going to show you how to use Helix to build a custom PCI dashboard. This can be used for your compliance teams or whether you have an audit or any kind of compliance issues related to PCI. So the first thing we want to do is go to the dashboards drop-down and click on “CUSTOM”. And then we’ll go over to the right side of the screen and click on “CREATE”. Here we’ll want to type in the title. In this case it’s PCI 10.2.5, since we’re going to pull information related to PCI’s 10.2.5 rule. And then Windows Use of Identification and Authentication Mechanisms. When we’re done with that we’ll type in the description, so we know exactly what this dashboard is displaying. And once we’re done with the description we can type in tags so we know what this relates to. So when you’re putting things like PCI 10.2.5 Windows authentication. And once we fill out all our tags we’ll go ahead and click on “CREATE”. So now that we have our dashboard, we’ll have to fill it out with what we call widgets. So we’ll go to the top right and click on “ADD WIDGET”.
And we’ll type in the title, which in this case is going to be Cardholder Data Environment User Modification By Timestamp. When we’re through with that we’ll type in the description again and describe exactly what this widget is going to be displaying.
And once we’re done with the description we’ll go down to the widget settings. And this one we want to be a bar. So we’ll click on that, then click on the query tab, and we’ll enter in the actual query that we’re going to use to run this widget. We’ll want to change the time-frame to one week. Leave the width at 100 and then we’ll type in the query that we’re going to use to populate the data in this widget. So we’ll do a class equals ms windows event and event id followed by all those numbers that we saw in the description. And once we’re done with that we can click on “SAVE”. And there we have our first widget. To populate another one we’ll go ahead and create another widget just like we did before. Fill in the title. In this case this one is Cardholder Data Environment User Modification Details.
And once we’re done typing in the title, type in the description. Once we’re done with that we’ll go ahead and leave this one as a table. And then click on the query tab. Change one day to one week, the results to 20, and leave the width at 100. And then we’ll enter our query in again.
When the query’s finished, go ahead and click on “SAVE”.
Thanks for your time and stay tuned for more FireEye tips and insights.