Events
  • 10 Nov 2022


Article Summary

This article explains Events, a vital tool for collecting useful raw data.

Overview

Skylight Interceptor Events provides access to “raw” events, a crucial capability for threat hunting and forensics. Using Events, you can query the raw data that has been collected and use it to better understand what has happened on certain IP addresses in a particular protocol.


Note: By default, all events are stored for three months. However, this time can be increased upon request.

Accessing Events

To access events:

  1. Go to Cybersecurity ▶ Events.

[Image: access events.gif]

Once you are in the Events tab, you can view information in various layers. By selecting the area of interest from the left toolbar, you can choose from the following:

  • ICMP
  • TCP
  • UDP
  • TLS
  • DCERP
  • DNS
  • HTTP
  • Databases
  • CIFS
  • SSH

[Image: types of events.gif]

Distribution Settings

The distribution settings allow you to show or hide specific parameters, as shown below:

[Image: distributing settings for events.gif]

You can rearrange the distribution setting columns by dragging them into the order you prefer, as shown below:

[Image: drag and drop.gif]


Note: Because aggregated data is of very little use in security, Interceptor does not use it. Instead, Interceptor needs to analyze the raw events, and retains that data longer than analytics.

Filtering Events

To filter events:

  1. Go to Cybersecurity ▶ Events.

  2. Use the common filter bar, as shown below:
    [Image: filter bar.gif]

    Or click the value you are interested in from within the distribution view, as shown below:

    [Image: event_dist_filter.gif]

You can add one or more values to the filter from the event table. These values can be added as included or excluded, simply by choosing the appropriate icon.
See the example below.

[Image: event_table_filt.gif]

© 2024 Accedian Networks Inc. All rights reserved. Accedian®, Accedian Networks®,  the Accedian logo™, Skylight™, Skylight Interceptor™ and per-packet intel™, are trademarks or registered trademarks of Accedian Networks Inc. To view a list of Accedian trademarks visit: http://accedian.com/legal/trademarks/. 

