SIEM
This is a sample SIEM dashboard definition taken from a real-life deployment.
Use all of the macro and search definitions, and adjust the sourcetypes they mention to suit your environment.
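<!--
  SIEM overview dashboard (Splunk Simple XML).
  Most panels load a saved search by name through <searchName>. Those saved
  searches, and any macros they use, are not defined in this file and must be
  available to the dashboard.
  The last two panels run inline searches that watch the IDS log feed itself.
  Both are event driven: a sensor that sent nothing at all inside the 7 day
  search window produces no row, so compare against an asset inventory if
  complete sensor coverage is required.
-->
<dashboard>
  <label>SIEM</label>
  <row>
    <panel>
      <table>
        <searchName>Critical EXTERNAL systems</searchName>
        <title>Critical EXTERNAL systems</title>
        <option name="count">20</option>
        <option name="displayRowNumbers">true</option>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <chart>
        <searchName>Main</searchName>
        <title>Severity over dept</title>
        <option name="charting.axisTitleX.text">Week</option>
        <option name="charting.chart">column</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <option name="charting.chart.stackMode">default</option>
        <option name="charting.layout.splitSeries">false</option>
        <option name="charting.legend.placement">right</option>
        <option name="charting.primaryAxisTitle.text"/>
      </chart>
    </panel>
  </row>
  <row>
    <panel>
      <table>
        <searchName>Authentication Failures</searchName>
        <title>Authentication Failures</title>
        <option name="count">10</option>
        <option name="dataOverlayMode">highlow</option>
        <option name="displayRowNumbers">true</option>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <event>
        <searchName>Host that have VULNs, IPS and Malware</searchName>
        <title>Host that have VULNs, IPS and Malware</title>
      </event>
    </panel>
  </row>
  <row>
    <panel>
      <table>
        <searchName>Most patchable servers</searchName>
        <title>Most patchable servers</title>
      </table>
    </panel>
    <panel>
      <table>
        <searchName>Unsolved Malware events</searchName>
        <title>Unsolved Malware events</title>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <table>
        <searchName>Hosts missing in asset database</searchName>
        <title>Hosts missing in asset database</title>
      </table>
    </panel>
    <panel>
      <table>
        <searchName>Authentication Errors while scanning</searchName>
        <title>Authentication Errors while scanning</title>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <chart>
        <searchName>New vulns by time</searchName>
        <title>New vulns being added to Qualys by time</title>
        <option name="charting.chart">area</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <option name="charting.chart.stackMode">default</option>
        <option name="charting.layout.splitSeries">false</option>
        <option name="charting.legend.placement">right</option>
        <option name="charting.primaryAxisTitle.text">Date</option>
        <option name="charting.secondaryAxisTitle.text">Adj. priority</option>
      </chart>
    </panel>
  </row>
  <row>
    <panel>
      <chart>
        <searchName>Reduce overall risk just by patching</searchName>
        <title>Reduce overall risk just by patching</title>
        <option name="charting.chart">column</option>
      </chart>
    </panel>
  </row>
  <row>
    <panel>
      <table>
        <searchName>Risc reduce by patching servers</searchName>
        <title>Risc reduce by patching servers</title>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <table>
        <searchName>New vulns found the last 24h</searchName>
        <title>New vulns found the last 24h</title>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <table>
        <searchName>Non patchable EXTERNAL</searchName>
        <title>Non patchable EXTERNAL</title>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <chart>
        <searchName>Unknown owner by dept</searchName>
        <title>Unknown owner by dept</title>
        <option name="charting.chart">bar</option>
      </chart>
    </panel>
  </row>
  <row>
    <panel>
      <table>
        <searchName>BOT Net hits the last 24 hours</searchName>
        <title>BOT Net hits the last 24 hours</title>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <table>
        <searchName>Torrent findings</searchName>
        <title>Torrent findings</title>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <table>
        <searchName>NO AV installed</searchName>
        <title>NO AV installed</title>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <chart>
        <title>Time since last data from IDS system</title>
        <!--
          Hours since each IDS host last logged. The newest event per host is
          selected first (stats latest) and only then compared with the
          24 hour threshold. Filtering single events by age before reducing to
          one row per host would list every host that has any event older than
          a day, including sensors that are still reporting.
          host_nt_host is not defined on this page (presumably added by a
          lookup; confirm) and is carried through the aggregation because the
          result table uses it.
          This panel reads sourcetype=snort while the next panel reads
          sourcetype=company:utm:snort; check that both point at the IDS
          sourcetype used in your environment.
        -->
        <searchString>sourcetype=snort | stats latest(_time) as _time latest(host_nt_host) as host_nt_host by host | eval right_now = now() | eval time_diff = right_now - _time | eval hours = round(time_diff/3600) | where hours >= 24 | eval alert = "Hours since logs last seen - " .hours | table host_nt_host alert hours| sort -hours</searchString>
        <earliestTime>-7d@h</earliestTime>
        <latestTime>now</latestTime>
        <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
        <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
        <option name="charting.axisTitleX.visibility">visible</option>
        <option name="charting.axisTitleY.visibility">visible</option>
        <option name="charting.axisTitleY2.visibility">visible</option>
        <option name="charting.axisX.scale">linear</option>
        <option name="charting.axisY.scale">linear</option>
        <option name="charting.axisY2.enabled">0</option>
        <option name="charting.axisY2.scale">inherit</option>
        <option name="charting.chart">bar</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.chart.stackMode">default</option>
        <option name="charting.chart.style">shiny</option>
        <option name="charting.drilldown">all</option>
        <option name="charting.layout.splitSeries">0</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
        <option name="charting.legend.placement">right</option>
      </chart>
    </panel>
  </row>
  <row>
    <panel>
      <table>
        <title>IDS not sending data the past week</title>
        <!--
          Lists IDS hosts whose newest event is older than one hour (3600 s),
          i.e. sensors that have gone quiet. A greater-than comparison here
          would list the sensors that are still reporting and hide the
          silent ones, the opposite of what the title promises.
          The less-than sign is written as an entity because a raw one is not
          allowed in XML text. The one hour threshold is the value from this
          sample; tune it to how often your sensors normally log.
        -->
        <searchString>sourcetype=company:utm:snort | fillnull value=Unknown | stats latest(_time) As _time by host | where _time&lt;(now()-3600)</searchString>
        <earliestTime>-7d</earliestTime>
        <latestTime>now</latestTime>
      </table>
    </panel>
  </row>
</dashboard>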