Sumo Logic

Install the Twistlock App and view the Dashboards

This page provides instructions on how to install the Twistlock App, as well as examples of each of the dashboards. The App's pre-configured searches and Dashboards provide easy-to-access visual insights into your data.

Install the App

This section shows you how to install the Twistlock App. 

To install the app, do the following:

Locate and install the app you need from the App Catalog. If you want to see a preview of the dashboards included with the app before installing, click Preview Dashboards.

  1. From the App Catalog, search for and select the app. 
  2. To install the app, click Add to Library and complete the following fields.
    1. App Name. You can retain the existing name, or enter a name of your choice for the app.

    2. Data Source. Select either of these options for the data source.

      • Choose Source Category, and select a source category from the list.

      • Choose Enter a Custom Data Filter, and enter a custom source category beginning with an underscore. Example: (_sourceCategory=MyCategory).

    3. Advanced. Select the Location in Library (the default is the Personal folder in the library), or click New Folder to add a new folder.
  3. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or other folder that you specified. From here, you can share it with your organization. 

Panels will start to fill automatically. It's important to note that each panel slowly fills with data matching the time range query and received since the panel was created. Results won't immediately be available, but with a bit of time, you'll see full graphs and maps. 

Filter with template variables   

Template variables provide dynamic dashboards that rescope data on the fly. As you apply variables to troubleshoot through your dashboard, you can view dynamic changes to the data for a fast resolution to the root cause. For more information, see the Filter with template variables help page.

Twistlock - Overview

The Twistlock - Overview dashboard provides an at-a-glance overview of the state of your Kubernetes and container environments, including the number of hosts, containers, audit events, rules triggered, and defender incidents. The panels also display information on a variety of critical vulnerabilities by type, severity, and affected containers.

Use this dashboard to:

  • Verify the number of host containers being monitored by Twistlock.
  • Quickly understand and remediate vulnerabilities on hosts and images.
  • Understand which CVEs have fixes available and use that information to triage and remediate vulnerabilities.
  • Monitor trends for vulnerabilities and compliance issues detected.


Twistlock - Scans

The Twistlock - Scans dashboard provides insights into scan events. Panels show scan summaries, vulnerability information and container compliance violations.

Use this dashboard to:

  • Monitor scan events and their results.
  • Identify and remediate the most vulnerable hosts, images, and compliance violations.


Twistlock - Detected Vulnerabilities

The Twistlock - Detected Vulnerabilities dashboard provides detailed information on detected vulnerabilities in the registry, image, and host.

Use this dashboard to: 

  • Prioritize, identify and remediate vulnerabilities on the registry, images, and hosts.
  • Identify top rules triggered by Twistlock to understand how to optimize or add new rules going forward.
  • Use the "Twistlock - CVE Status" dashboard to work on a specific host, image, and registry, based on Twistlock's recommendation.


Twistlock - CVE Status

The Twistlock - CVE Status dashboard combines high-level views of common vulnerabilities and exposures (CVE) along with detailed information. Panels display at-a-glance views for host, image, and registry scans, and available fixes.

Use this dashboard to:

  • Quickly identify, prioritize, and remediate CVEs in your environment for which documented fixes are available.
  • Monitor trends of vulnerabilities detected within the last 2 days.


Twistlock - Compliance Violations

The Twistlock - Compliance Violations dashboard provides detailed information on system-wide compliance violations, organized according to the severity of violation, description of violation, and rules triggered by the violation.

Use this dashboard to:

  • Prioritize, identify, and remediate compliance violations.
  • Identify Twistlock rules that trigger violations and optimize them as needed.
  • Monitor compliance findings. These finding messages are generated as a byproduct of container scans, image scans, host scans, and registry scans.


Twistlock - Defender Incidents

The Twistlock - Defender Incidents dashboard combines high-level and detailed information for defender incidents, which are logical groupings of events related by context that reveal known attack patterns, defender incidents, and process activity.

Use this dashboard to monitor: 

  • Known attack patterns. Incidents are logical groupings of events, related by context, that reveal known attack patterns.
  • Process activity in a container. Look into whether the process was spawned from a shell session.


Twistlock - Runtime

The Twistlock - Runtime dashboard provides detailed information on system and runtime threats, alerts and management activity.

Use this dashboard to:

  • Identify and remediate runtime threats in container environments across file systems, processes, system calls, or the network.
  • Monitor audit events for console administrative activities and defender audit events.
