Events
  • 10 Nov 2022


In this article we explain Events, a vital tool for collecting useful raw data.

Overview

Skylight Interceptor Events provides access to “raw” events, which is a crucial piece of functionality for threat hunting and forensics. Using Events, you can query the raw data that has been collected and use it to better understand what has happened on certain IP addresses in a particular protocol.


Note: By default, all events are stored for three months. However, this time can be increased upon request.

Accessing Events

To access events:

  1. Go to Cybersecurity ▶ Events.

access events.gif

Once you are in the Events tab, you can view information in various layers. By selecting the area of interest from the left toolbar, you can choose from the following:

  • ICMP
  • TCP
  • UDP
  • TLS
  • DCERP
  • DNS
  • HTTP
  • Databases
  • CIFS
  • SSH

types of events.gif

Distribution Settings

The distribution settings allow you to show or hide specific parameters, as shown below:

distributing settings for events.gif

The distribution setting columns are easily rearranged by grabbing and dragging them into the order you prefer, as shown below:

drag and drop.gif


Note: Because there is very little use for aggregated data in security, Interceptor does not use it. Instead, Interceptor analyzes the raw events and retains that data longer than analytics.

Filtering Events

To filter events:

  1. Go to Cybersecurity ▶ Events.

  2. Use the common filter bar, as shown below:
    filter bar.gif

    Or click the value you are interested in from within the distribution view, as shown below.

event_dist_filter.gif

You can add one or more values to the filter from the event table. Each value can be added as included or excluded by choosing the appropriate icon.
See the example below.

event_table_filt.gif

© 2024 Cisco and/or its affiliates. All rights reserved.
 