The Security Analytics modules that are listed in the Security Analytics menu (Administration, Investigation, Live, Alerts, Reports, more) are called views, and each view provides functions tailored for the module. In addition, there is a Profile view, accessible directly from the Security Analytics menu, which presents options for user preferences.
To display a view, select a module from the Security Analytics menu. For example, Security Analytics, Administration, Investigation, or Live. As you roll your cursor over the module, you can select a view from the options menu. From within the module, you can select an alternate view from the Security Analytics toolbar. For example, Administration has six views: Hosts, Services, Event Sources, Health & Wellness, System, and Security.
This example of the Administration Hosts view illustrates some of the features of a view.
Each view has different features. Any combination of these features is possible in a view:
- Panels: there are two different types of specialized panels, options panel and node tree
- Grids or tables
- Context menus
The general parts of a view are labeled in the figures below.
The following table provides descriptions of the features labeled above.
|1||tabs||Organize the features of a panel into easily viewed and accessible groups so that you don't have to scroll down the page to view everything. If a panel has many options, the tabs make it easier to navigate to the right group of options in a panel.|
|2||toolbar||A toolbar may apply to the entire view, to a section, or to a panel.|
|3,4||sections (top to bottom)||Within a panel, some dashboards have sections that organize information from top to bottom; for example, the Service Info view has two sections in the Service panel, the Service section at the top and the Session Information section at the bottom. Sometimes you may need to scroll down to view a section near the bottom of the panel.|
|5,6||panels (left to right)||Within a view, most dashboards have panels that organize information from left to right; for example, the Service Stats view has two panels, the main panel on the left and the Chart Stats Tray panel on the right. The Chart Stats Tray is not the main focus, so it is collapsible to allow more space in the main panel.|
|7||options panel||The options panel is a panel that lists options available in a view. Frequently, the options panel doesn't have a title. A list of choices without a header are called options.|
|8||node tree||A node tree is a list of nodes with expandable and collapsible folders.|
Breadcrumbs display the options selected to reach this view. Click on a crumb to go back to the view or menu. In some modules breadcrumbs have additional functions. For example, in Investigation a breadcrumb represents a sequence of queries used to reach the current drill point and you can edit the query directly from the breadcrumb.
Context menus offer options that pertain specifically to the current context. In certain views, hovering over an item and right-clicking the mouse displays the options that can apply to that item. Throughout the Security Analytics documentation, context menus are discussed in the pertinent modules and views.
A good example of a context menu is shown in the Navigation view. When you right-click a count for a meta value (the green number in the parentheses), the menu offers one option: to open the drill in a new tab.
When you right-click on the meta value (blue text), a different context menu is displayed. In this context, there are options to scan for malware, look up the value in Investigation and to display the same drill in a new tab, apply the reverse of this drill (!EQUALS) in the same tab, or apply the reverse of this drill in a new tab.