Investigation: Manage Column Groups in the Events View

Document created by RSA Information Design and Development on Jul 22, 2016
Version 1

This topic provides instructions for an analyst to create and manage custom column groups for displaying data in the Navigation > Events view.

When viewing a list of events in Security Analytics Investigation > Events view, you can customize the way data is displayed by defining the meta to display in a column, the position of the column in the grid, and the default width of the column.

Note: Investigation profiles can include custom column groups. If a custom column group is used in a profile and you are viewing events in the Events view using a custom column group, you cannot change the view type (Detail, List, or Log). 

Create Custom Column Group

  1. In the Security Analytics menu, select Investigation > Events.
    The Events view is displayed.
  2. Select Manage Column Groups in the toolbar (the option name is the default value (Detail View) or the current value).
    The Manage Column Groups dialog is displayed. This example has one column group already defined.
  3. To add a new column group in the column group panel, click the Add icon and type the name of the new group in the resulting field.
  4. The column definition panel opens on the right with the group name filled in. You can edit the group name.
  5. To add a column to the group, click the Add icon, and click in the empty Meta Key field to display the Meta Key drop-down list.
  6. Select a meta key field from the list, and repeat this step until the column set is complete.
  7. (Optional) To delete a meta key from the column group, click the Delete icon.
  8. (Optional) To rearrange the sequence in which the columns appear in the Events list, drag meta keys to the desired position.
  9. (Optional) To set the default width for a column, click in the corresponding value in the Width column, and type a new column width.
  10. (Optional) To revert to the previous settings for the column group, and undo all of your changes, click Reset.
  11. When ready to save, do one of the following:
    1. To save the edited column group and refresh the Events view with the column group settings, click Save and Apply.
    2. To save the edited column group without refreshing the Events view, click Save.

Select a Custom Column Group

  1. With the Events view open, select Custom Column Groups in the toolbar (the option name is the default value (Detail View) or the current value).
  2. Select one of the custom groups from the submenu.
    The Events view is refreshed to reflect the custom column group.