The Security Analytics modules that are listed in the Security Analytics menu (Administration, Investigation, Live, Alerts, Reports, more) are called views, and each view provides functions tailored for the module. In addition, there is a Profile view, accessible directly from the Security Analytics menu, which presents options for user preferences
To display a view, select a module from the Security Analytics menu. For example, Security Analytics, Administration, Investigation, or Live. As you roll your cursor over the module, you can select a view from the options menu. From within the module, you can select an alternate view from the Security Analytics toolbar. For example, Administration has six views: Hosts, Services, Event Sources, Health & Wellness, System, or Security.
This example of the Administration Appliances view illustrates some of the features of a view.
Each view has different features. Any combination of these features is possible in a view:
- Panels: there are two different types of specialized panels, options panel and node tree
- Grids or tables
- Context Menus
The parts of a view are labeled in the figures below.
The following table provides descriptions of the features labeled above.
|1||bread crumbs||Display the options selected to reach this view. Click on a crumb to go back to the view or menu.|
|2||toolbar||A toolbar may apply to the entire view, to a section, or to a panel.|
|3,4||sections (top to bottom)||Within a panel, some dashboards have sections that organize information from top to bottom; for example, the Service Info view has two sections in the Service panel, the Service section at the top and the Session Information section at the bottom. Sometimes you may need to scroll down to view a section near the bottom of the panel.|
|5,6||panels (left to right)||Within a view, most dashboards have panels that organize information from left to right; for example, the Service Stats view has two panels, the main panel on the left and the Chart Stats Tray panel on the right. The Chart Stats Tray is not the main focus, so it is collapsible to allow more space in the main panel.|
|7||options panel||The options panel is a panel that lists options available in a view. Frequently, the options panel doesn't have a title. A list of choices without a header are called options.|
|8||node tree||A node tree is a list of nodes with expandable and collapsible folders.|
Security Analytics has a large set of context menus that you access by right-clicking an object. Context menus offer options that pertain specifically to the current context. In certain views, hovering over an item and right-clicking the mouse displays the options that can apply to that item. Throughout the Security Analytics documentation, context menus are discussed in the pertinent modules and views.
A good example of a context menu is shown in the Navigation view. When you right-click a count for a value (the green number in the parentheses), the menu offers two options: to open the drill in a new tab.
When you right-click on the value (blue text), a different context menu is displayed. In this context, there are options to scan for malware, look up the value in Investigation and to display the same drill in a new tab, apply the reverse of this drill (!EQUALS) in the same tab, or apply the reverse of this drill in a new tab.