The Security Analytics modules that are listed in the Security Analytics menu (Administration, Investigation, Live, Alerts, Reports, more) are called views, and each view provides functions tailored for the module. In addition, there is a Profile view, accessible directly from the Security Analytics menu, which presents options for user preferences.
To display a view, select a module from the Security Analytics menu, for example, Security Analytics, Administration, Investigation, or Live. As you roll your cursor over the module, you can select a view from the options menu. From within the module, you can select an alternate view from the Security Analytics toolbar. For example, Administration has six views: Hosts, Services, Event Sources, Health & Wellness, System, and Security.
This example of the Administration Hosts view illustrates some of the features of a view.
Features
Each view has different features. Any combination of these features is possible in a view:
- Toolbars
- Sections
- Panels, including two specialized types: the options panel and the node tree
- Tabs
- Breadcrumbs
- Grids or tables
- Context menus
The general parts of a view are labeled in the figures below.
The following table provides descriptions of the features labeled above.
Breadcrumbs
Breadcrumbs display the options selected to reach this view. Click a crumb to go back to that view or menu. In some modules, breadcrumbs have additional functions. For example, in Investigation, a breadcrumb represents a sequence of queries used to reach the current drill point, and you can edit the query directly from the breadcrumb.
Context Menus
Context menus offer options that pertain specifically to the current context. In certain views, hovering over an item and right-clicking displays the options that apply to that item. Throughout the Security Analytics documentation, context menus are discussed in the pertinent modules and views.
A good example of a context menu is shown in the Navigation view. When you right-click a count for a meta value (the green number in the parentheses), the menu offers one option: to open the drill in a new tab.
When you right-click the meta value (blue text), a different context menu is displayed. In this context, the options are to scan for malware, look up the value in Investigation, display the same drill in a new tab, apply the reverse of this drill (!EQUALS) in the same tab, or apply the reverse of this drill in a new tab.