Visualize enables users to create visualizations of the data from Log Search indices, which can then be added to dashboards for analysis.

Visualizations are based on Log Search queries. By using a series of aggregations to extract and process data, users can create charts that display trends, spikes, and dips that indicate security events.



Top Failed Resources by ReportId

This report provides a visualization of the top 5 resource types (Lambda, IAM User, S3 bucket, etc) failing the in the cloud environment. This is inner ring of the pie chart. Within each of those Top 5, the top 5 resources failing are then identified.

Pass/Fail Over Time

This report provides a visualization of how resource pass/fail counts have changed over time. Changing the date range allows for viewing how the environment has evolved over time.



Top failed resources by criticality by ReportId

This report shows the the top 5 resources by criticality in a pie chart. The inner ring is the criticality, while the outer ring shows the top 5 resources for each of those critcalities.

Critical Resource Failure

This report will show you the resources that failed a control with a severity of 8, 9 or 10. These are considered critical and makes it easy to visualize the high severity resources that should be addressed first.



For more resources on creating and configuring Visualizations for Log Search, please visit the Elastic Kibana and Chaossearch documentation.