- Print
- DarkLight
Business Intelligence Integration
Business intelligence (BI) refers to the process of gathering, analyzing, and transforming raw data into meaningful and actionable insights that can inform business decisions. It helps organizations to identify patterns and trends, make predictions, and gain a better understanding of customer behavior, market trends, and other key factors that can impact business performance. These insights can then be used to improve operations, reduce costs, increase efficiency, and ultimately drive business growth.
DataBee helps extract relevant data from Endpoint Detection and Response (EDR) tools like Carbon Black, CrowdStrike Falcon, FireEye Endpoint Security etc. It then transforms and sends the data to a cloud-based data warehousing platform such as Snowflake. Integration with BI tools enables better visualization and analysis of your data. DataBee can help organizations identify gaps in their EDR coverage and take steps to mediate these gaps before they can be exploited by attackers. By collecting and correlating data from multiple sources, DataBee can provide a more comprehensive view of an organization’s security posture and help identify areas where additional controls and/or processes may be needed. DataBee has the ability to generate reports that highlight EDR coverage gaps and provide recommendations for addressing these gaps.
Configure Snowflake & BI Tool
By setting up a connection between Snowflake and a BI tool, you can access data sources within Snowflake, create queries, design reports, and share them with others. This provides scalability, flexibility, and cost-effectiveness, allowing you to handle large volumes of data, support growing business needs, and make data-driven decisions.
You can find the detailed steps for connecting Tableau, a data visualization and BI software, with Snowflake by clicking on the Tableau-Snowflake Connection Guide.
To learn how to connect Power BI, a business analytics service by Microsoft, with Snowflake, refer to the Power BI-Snowflake Connection Guide.
BI Dashboards
Databee offers users access to dashboard templates designed for use with Tableau and Power BI, which can be requested through our support team. These templates are tailored to cover various general GRC (Governance, Risk Management, and Compliance) use cases. Each customer has the flexibility to customize their Executive KPI dashboard, selectively incorporating only the specific subset of dashboards and use cases that align with their interests and needs.
All dashboards include a powerful feature that allows users to filter data based on employee organizational structures. This functionality empowers leaders at all levels to refine results, focusing on individuals within a selected organization. Additionally, each dashboard provides a detailed drill-down option that presents individual assets and findings in a convenient tabular format.
Each dashboard consists of two parts. The front-end component of the dashboard template is uploaded directly to your chosen BI tool, either Tableau or Power BI. Meanwhile, the logic required for generating KPIs (Key Performance Indicators) and detailed views is housed within a dedicated view installed in your data lake. These provided dashboards are intended to serve as templates or starting points, enabling customers to easily customize and combine them to create their preferred views within their BI tool.
Managing access to views in Snowflake
You can easily grant access to dashboard views within Snowflake. Execute these steps to allow the role being used by your BI tool to access your newly installed views.
PL/SQL
grant usage on database <database> to role <role>;
grant usage on schema <database>.<schema> to role <role>;
grant select on view <database>.<schema>.<view> to role <role>;
If you need to grant access to views that will be created in the future, follow these steps.
PL/SQL
grant usage on database <database> to role <role>;
grant usage on schema <database>.<schema> to role <role>;
grant select on future views in schema <database>.<schema> to role <role>;
Continuous Controls Framework
The Continuous Controls Framework (CCF) dashboard within your chosen BI tool is an essential component designed to provide real-time insights into your organization's internal controls and compliance processes. This dynamic dashboard offers a centralized hub where you can monitor, evaluate, and manage controls continuously. It leverages automation and data integration to streamline control testing, enabling you to promptly identify and address deviations or issues as they occur. With the CCF dashboard, you gain the ability to generate reports, ensuring that your organization maintains a proactive stance in maintaining a robust control environment. This empowers you to adapt and scale your control framework in response to evolving risks and compliance needs, making it indispensable for ensuring regulatory compliance and data security.
EDR
Endpoint Detection and Response is a pivotal cybersecurity solution dedicated to safeguarding individual endpoints, such as computers, servers, and mobile devices. The EDR dashboard and reports within your BI tool provide a tailored view of endpoint security data, offering real-time insights into potential threats and vulnerabilities unique to endpoint security. This specialized tool enables you to track and analyze security incidents, continuously monitor the health of your endpoints, and swiftly respond to any suspicious activities. With the EDR dashboard, your organization gains the critical ability to proactively defend against cyber threats, ensuring the utmost security and integrity of your network and sensitive data.
Now, let's explore the detailed view of each dashboard type.
BI Dashboards overview
The Executive KPI Dashboard provides a comprehensive overview of cybersecurity within the enterprise. This powerful tool enables users to monitor key aspects of cybersecurity, including asset management, secure configuration, phishing incidents, secure logging and so on. These critical cybersecurity components are intelligently categorized according to their core functions, such as identify, protect, detect, respond and recover.
It displays the percentage of each component, allowing you to define target percentages for comparison. You can easily track trends over recent months. To enhance clarity, results are color-coded according to color legend, making it straightforward to identify areas that need attention. Plus, for your convenience, the dashboard offers the option to download detailed reports in PDF format, ensuring that you have actionable insights at your fingertips.
With this dashboard, executives can effortlessly gain a bird's-eye view of their organization's cybersecurity landscape, allowing for informed decision-making and proactive security measures.
EDR Report
The Endpoint Protection Substatus offers essential insights for effective EDR management. EDR offers real-time monitoring and response capabilities to protect your digital assets. You can view the EDR Coverage Compliance percentage where the target is set to 90. The dashboard provides a record of EDR Coverage Compliance percentage history over the past months, allowing you to track performance trends. It visually represents the distribution of EDR products in your enterprise with various breakdowns: EDR coverage by environment (cloud, on-premises, and workstations) and by operating system (Linux, Windows, and others).
Configuration Coverage is a critical aspect of cybersecurity that encompasses the assessment and management of system configurations to ensure security and compliance. Within this dashboard, you can explore what Configuration Coverage entails. It provides a clear view of Configuration Coverage Compliance percentage and its percentage history over the past months . Additionally, you can delve deeper into Configuration Coverage by environment, including cloud, on-premises, and workstations, as well as by operating system, covering Linux, Windows, and other platforms.
One notable feature of the EDR dashboard is its ability to filter results based on your organizational hierarchy. You can easily select from a dropdown menu that includes options such as Executive VP, Senior VP, or Executive Director. When you choose a specific level within your organization, the KPIs are dynamically recalculated to include only individuals within that selected reporting chain. This empowers leaders at various levels to focus on the specific security status of their teams and ensures that the EDR insights are directly relevant to the scope of their responsibilities.
To access a detailed view of endpoint protection details, simply click on 'CLICK HERE TO BE TAKEN TO THE DETAIL VIEW'. This view presents tabular data with essential endpoint protection information.
Asset Management Report
Asset Management is a crucial component of effective organizational control, focusing on the tracking and optimization of valuable resources. Within this dashboard, you can explore what Asset Management entails. It displays the Asset Coverage Compliance percentage and asset coverage to target in relation to the target percentage. You can monitor the compliance percentage history over the past months. The dashboard also offers detailed insights into asset substatus components, including FQDN (Fully Qualified Domain Name), IP addresses, operating systems, and more, ensuring comprehensive asset oversight.
To access a detailed view of asset management details, simply click on 'CLICK HERE TO BE TAKEN TO THE DETAIL VIEW'. This view presents tabular data with essential asset management information.
Vulnerability Management Report
Vulnerability Management is a vital aspect of safeguarding your organization's digital assets. Within this dashboard, you can gain valuable insights into your vulnerability management strategy. It offers a visual representation of Vulnerability Management Compliance Percentage, allowing you to assess your adherence to security standards. Additionally, you can monitor Vulnerability Remediation Percentage in relation to SLAs (Service Level Agreements) and track it against your target. The dashboard provides the history of vulnerability remediation percentage spanning the past months to help you analyze trends. Furthermore, it presents Vulnerability Resolution by severity, enabling you to prioritize and address vulnerabilities effectively. You can also view Vulnerability Resolution by environment, offering a comprehensive breakdown for informed decision-making.
To access a detailed view of vulnerability management details, simply click on 'CLICK HERE TO BE TAKEN TO THE DETAIL VIEW'. This view presents tabular data with essential vulnerability management information.