Events
  • 10 Nov 2022
  • 1 Minute to read
  • Contributors
  • Dark
    Light
  • PDF

Events

  • Dark
    Light
  • PDF

In this article we explain Events; a vital tool in collecting useful raw data.

Overview

Skylight Interceptor Events provides access to “raw” events, which is a crucial piece of functionality for threat hunting and forensics. Using Events, you can query raw data that has been collected and then put that data towards a better understanding of what has happened on certain IP addresses in a particular protocol.


Note: By default, all events are stored for three months. However, this time can be increased upon request.

Accessing Events

To access events:

  1. Go to Cybersecurity ▶ Events.

access events.gif

Once you are in the Events tab, you can view information in various layers. By selecting the area of interest from the left toolbar, you can choose from the following:

  • ICMP
  • TCP
  • UDP
  • TLS
  • DCERP
  • DNS
  • HTTP
  • Databases
  • CIFS
  • SSH

types of events.gif

Distribution Settings

The distribution settings allow you to show or hide specific parameters, as shown below:

distributing settings for events.gif

The distribution setting columns are easily rearranged by grabbing and dragging them into the order you prefer, as shown below:

drag and drop.gif


Note: Because there is very little use for aggregated data in security, Interceptor does not use this. Instead, Interceptor needs to analyze the raw events, and will retain the data longer than analytics.

Filtering Events

To filter events:

  1. Go to Cybersecurity► Events

  2. Use common filter bar, as shown below
    filter bar.gif

    Or click on the value you are interested in from within the distribution view, as shown below.

event_dist_filter.gif

You can add one or more values to the filter from the event table. These values can be added as included or excluded, simply by choosing the appropriate icon.
See the example below.

event_table_filt.gif

© 2022 Accedian Networks Inc. All rights reserved. Accedian®, Accedian Networks®,  the Accedian logo™, Skylight™, Skylight Interceptor™ and per-packet intel™, are trademarks or registered trademarks of Accedian Networks Inc. To view a list of Accedian trademarks visit: http://accedian.com/legal/trademarks/. 


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.