
Flowmon ADS

Widgets

  • Last Updated: April 5, 2026

This page describes the widgets that the Flowmon ADS module provides for the Dashboard and Reports. The widgets are configurable. For the majority of them, you can choose the content to include and the types of charts to display. You can also configure which data the widget visualizes (for example, the data feed, the perspective, and so on). The following widgets are provided by the Flowmon ADS module:

Security status

The Security status widget summarizes the overall security status of the network by showing the number of events for each priority. The status is indicated by the color of the shield icon based on the highest priority of events that were detected.

The security status widget example

Event overview by priority

The widget shows the event types ordered by the highest priority, with the corresponding number of detected events for each event type. The ratio of event count for each priority is visualized in the chart in the upper part of the widget. This widget type also provides a variant that allows you to display events received from the IDS collector.

The event overview by priority widget example

Event overview by type

This widget is very similar to the Event overview by priority widget. The only difference is that the chart shows the ratio of event count for each event type instead of the ratio of event count for each priority. This widget type also provides a variant that allows you to display events received from the IDS collector.

The event overview by type widget example

Flows Overview

The widget contains a chart that visualizes the number of flows that have been processed by the Flowmon ADS module in a specified time interval.

The Flows Overview widget example

Top 10 event types by priority and count

This widget shows the top 10 detected event types with the highest priority and the highest number of events. The ratio of detected events for each event type is visualized in the chart in the upper part of the widget. This widget type also provides a variant that allows you to display events received from the IDS collector.

Top 10 event types by priority and count widget example

Top 10 event types by count

The widget shows the top 10 event types with the highest number of detected events. It also provides a variant that allows you to display events received from the IDS collector.

The Top 10 event types by count widget example

Top 10 IPs by event count

The widget shows the 10 IP addresses that produce the greatest number of events. It also provides a variant that allows you to display the same information for events received from the IDS collector.

The Top 10 IPs by event count widget example

Top 10 events by priority

The widget shows the 10 most important events according to their priority. Events with the same priority are ordered by the time of their detection (newer events are listed before older ones). This widget type also provides a variant that allows you to display events received from the IDS collector.

The Top 10 events by priority widget example

The latest 10 new events

The widget shows the top 10 events that were newly detected in the network. It also provides a variant that allows you to display events received from the IDS collector.

The latest 10 new events widget example

Top 10 last active event types by count

This widget shows the top 10 event types with the highest count of events that are currently active in the network. An event is considered active if it was newly detected or updated within the time period specified by the InactiveTimeout parameter (see Settings > System Settings > Storage settings). Note that this widget does not respect the selected time interval and always shows the latest active events in the network.

The Top 10 last active event types by count widget example

MITRE ATT&CK widget

This widget visualizes detected events using the MITRE ATT&CK Matrix. For each tactic and technique, it displays the corresponding count of events. The number under the name of a MITRE tactic is the number of events that have that tactic assigned. The number in brackets after the name of a MITRE technique is the number of events that have that technique assigned. Note that one event may have more than one MITRE technique from the same MITRE tactic assigned. As a result, the number shown under the name of a MITRE tactic can be lower than the sum of the event counts for all techniques under that tactic.

The widget allows you to enable a compact mode that displays only the count of events for MITRE tactics (without techniques). This is useful for a brief overview of the stages of current network incidents according to the MITRE ATT&CK framework. Events displayed in the widget can be filtered according to the chosen perspective or data feed. The names of tactics and techniques are clickable. Clicking one redirects you to the list of events that belong to the selected tactic or technique.

MITRE ATT&CK widget example

The compact mode of MITRE ATT&CK widget example
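
The counting rule described for the MITRE ATT&CK widget, as an added example that is not Flowmon ADS code: it tallies distinct events per tactic and per technique and renders both the full and the compact view. The event records, their field names and the tactic/technique assignments are constructed for illustration, and counting distinct events per cell is an assumption that matches the behaviour described above.

```python
from collections import defaultdict

# Constructed sample events (not Flowmon ADS output). Each event carries the
# (tactic, technique) pairs assigned to it; the field names are hypothetical.
EVENTS = [
    {"id": 1, "mitre": [("Discovery", "Network Service Discovery"),
                        ("Discovery", "Remote System Discovery")]},
    {"id": 2, "mitre": [("Discovery", "Network Service Discovery")]},
    {"id": 3, "mitre": [("Credential Access", "Brute Force")]},
    {"id": 4, "mitre": [("Credential Access", "Brute Force"),
                        ("Lateral Movement", "Remote Services")]},
    {"id": 5, "mitre": []},  # no MITRE mapping: appears in no cell
]

def matrix_counts(events):
    """Return (tactic -> event count, (tactic, technique) -> event count)."""
    by_tactic = defaultdict(set)
    by_technique = defaultdict(set)
    for ev in events:
        for tactic, technique in ev["mitre"]:
            # Sets keep an event from being counted twice in the same cell.
            by_tactic[tactic].add(ev["id"])
            by_technique[(tactic, technique)].add(ev["id"])
    tactics = {t: len(ids) for t, ids in by_tactic.items()}
    techniques = {k: len(ids) for k, ids in by_technique.items()}
    return tactics, techniques

def technique_sum(techniques, tactic):
    """Sum of the per-technique counts shown under one tactic."""
    return sum(n for (t, _), n in techniques.items() if t == tactic)

def render(events, compact=False):
    """Text rendering: tactic totals, plus techniques unless compact."""
    tactics, techniques = matrix_counts(events)
    lines = []
    for tactic in sorted(tactics):
        lines.append(f"{tactic}: {tactics[tactic]}")
        if not compact:
            for (t, tech), n in sorted(techniques.items()):
                if t == tactic:
                    lines.append(f"  {tech} ({n})")
    return lines

if __name__ == "__main__":
    print("\n".join(render(EVENTS)))
    print("\n".join(render(EVENTS, compact=True)))
```

Event 1 has two Discovery techniques assigned, so the Discovery tactic shows 2 events while its technique counts add up to 3.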
