...
| Table of Contents |
|---|
Dashboard UI
Security Events
Under the tab ‘Overview’ click Security Events to access the dashboard.
In the time picker in the upper right corner you can pick the time period you are interested in.
...
You can easily disable the filter by unchecking the checkbox sign.
File integrity monitoring (FIM)
FIM monitors important changes that occur on the host itself.
It keeps track of everything relevant and critical to the operating system (config files, binaries, patch installation, software upgrade etc.).
For example, zoom into the data about a specific machine. Add a filter ‘agent.name is ’ and choose the machine ID (you can get and copy the id from the CMDB). You will be able to view all the events that occurred with this particular host.
File integrity monitoring records all the events in real time, the data couldn’t be deleted or adjusted.
Raw data UI
Go to Discover tab
For a more profound investigation, go to the ‘Discover’ tab. You will then drop into raw data user interface.
...
In this raw data UI you can also add filters by clicking zoom in and out signs or add them manually as mentioned above.
File integrity monitoring (FIM)
FIM monitors important changes that occur on the host itself.
It keeps track of everything relevant and critical to the operating system (config files, binaries, patch installation, software upgrade etc.).
For example, zoom into the data about a specific machine. Add a filter ‘agent.name is ’ and choose the machine ID (you can get and copy the id from the CMDB). You will be able to view all the events that occurred with this particular host.
File integrity monitoring records all the events in real time, the data couldn’t be deleted or adjusted.
In the ‘agents’ tab you can view your current status as far as the agents, the versions, who is connected, what platforms you have etc.