Matrix Data Chart Use Case: Vulnerability Severities by OS
When it comes to reporting in Axonius, perhaps the most underutilized chart in the Dashboard module is the "Matrix Data" chart.
What is the Matrix Data chart? Taken from the Axonius documentation, the Matrix Data Chart lets you visualize, in a stacked bar chart, a data matrix that consists of multiple data intersections between one or more base queries and up to 3 intersecting queries. In other words, the Matrix Data chart packs in a lot of information into one chart! With a solution like Axonius that aggregates a wealth of asset metadata, the Matrix Data chart is a powerful tool to add depth to reporting and capture added dimensions of asset information.
This article will show how to use a Matrix Data chart to show the breakdown of devices for each Vulnerability Severity by OS in your environment. This kind of dashboard is very helpful for reporting:
- the number of devices in your environment that have Critical/High/Medium vulnerabilities
- the percentage of devices for each vulnerability severity as part of the total devices by OS
While this article covers a specific use case, you can apply some of the principles in this article to build your own Matrix Data chart. Let's walk through the steps to build out this chart.
Step 1: Build your base queries
For this use case, we want to see how many devices have Critical/High/Medium vulnerabilities for each operating system in the environment. So we will build base queries to scope devices by OS. The above screenshot shows our query for Windows devices. What is not shown are additional base queries for OS X and Linux devices that we will use later in our Matrix Data chart.
Step 2: Build your intersecting queries
After building your base queries, it's time to build your intersecting queries. For this use case, we will build queries for Critical, High, and Medium vulnerability severities. The underlying query to build the Saved Query in the screenshot above is ("specific_data.data.software_cves.cve_severity" == "CRITICAL"). After this, we will build the two remaining intersecting queries for High and Medium severity vulnerabilities (not shown).
Note: If you have vulnerability data pulled into Axonius from a vulnerability assessment adapter, you may want to modify your query to use adapter specific vulnerability severity ratings that are native to that vulnerability scanning tool (e.g. Qualys, Tenable, or Rapid7).
Step 3: Build your Matrix Data chart
First, create a new chart in the Dashboard module and select 'Matrix Data' from the Chart Metric dropdown, as shown above.
Then, select 'Devices' from the Module dropdown and add in your base queries that group devices by OS (Windows, OS X, and Linux). Once this is done, add in the intersecting queries that group vulnerabilities by severity (Critical, High, and Medium). Click Save.
After a few seconds (time may vary depending on size of data), you can marvel at your Matrix Data chart! Each bar in the chart represents a different group of devices by OS (our base queries), and shows the breakdown of vulnerability severities across the devices (our intersecting queries).
In order to see the breakdown (percentage and count) of devices for each vulnerability severity, hover your mouse over the bars, as depicted above.
The Matrix Data chart is a powerful tool that allows you to add depth to your reports. Unlike all other charts in the Dashboard module, the Matrix Data chart adds a third dimension which allows you to easily visualize the wealth of asset information that exists in the Axonius platform and embedded in its base and intersecting queries. Additionally, with this chart, you can intuitively consolidate one or more charts into one and save real estate in your Dashboard spaces.