Datacollector

Management

This topic provides information on how to add a data source to the Logger software.

Sources ℹ️

Sources are the fundamental components that define the data collection points of the SIEM system, and at least one source must be added before the Data View page can function properly. A source can be any device you want to integrate into your SIEM product, including network devices such as firewalls and switches, or client machines with an installed agent. Logs can reach the SIEM software in several ways: over the Syslog protocol, most commonly on 514/UDP or 514/TCP (UDP delivery is not acknowledged, so a TCP listener is preferable where the device supports it); through API-based integrations; or over the agent's own dedicated port and protocol. To add a Data Source, see How to Use.

Internal Logs 👨‍⚕️

Unlike traffic logs, internal logs provide detailed information about the state of the container system on which the logger software is running, together with the event logs generated by the logger software itself. As with all log types, date-based filtering and column customization are available here; both are described in detail in the Data View manual. To access Internal Logs, go to DataView > Administration > Internal Logs.

Audit Logs 🕵️‍♀️

Audit logs record user activity on the logger software: login and logout actions, as well as object additions, modifications and deletions within the system. As with all log types, date filtering and column customization are available; both are described in detail in the Data View manual. To access Audit Logs, go to DataView > Management > Audit Logs.

How To Use? 🤔

Send Log Data

Log sending procedures differ by device brand. Below you can find log submission guides for common security devices. If a guide for your device is not available on our blog page, go to the device vendor's official website and browse its support documents.

The blog posts covering the log submission process for some brands are listed below:
Fortigate: blog/how-to-config-fortigate...
Sophos: blog/how-to-config-sophos...
Palo Alto: blog/how-to-config-paloalto...

Create New Source

Navigate to Datacollector > Management > Sources

  • Click the Create New button.
  • Select your Vendor.
  • Select your Data Source, then click the Add button.
  • You can edit and delete data sources with the buttons in the upper left corner.
  • In the Action section on the right side of each data source, you can perform user authorization, editing, license activation and deletion.

Verify Live Data Flow

Go to the Data View > Default View page.

  • Click Data View Sources under the Data View Filters menu and select your registered source.
  • If the live log stream is visible after this step, the source has been added successfully. If nothing appears, confirm that the device is actually forwarding logs and that the collector's listening port (for example 514/UDP or 514/TCP for Syslog) is reachable from the device.
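A quick way to exercise the Syslog path described under Sources and to check the Verify Live Data Flow step without waiting for real device traffic is to send a hand-built test message. The script below is an added example and is not part of the product or its documentation: it builds an RFC 5424 syslog line, can send it over 514/UDP (datagram) or 514/TCP (newline-framed) to a collector, and, so that it runs offline, includes a throwaway UDP listener on 127.0.0.1 that stands in for the collector and decodes the PRI field of what arrived. The collector hostname, app name, facility choice and message text are illustrative assumptions; only the port 514 and the UDP/TCP transports come from the page.

```python
"""Send a test syslog message to a collector and check the PRI/header it carries.

Added example; not part of the product documentation. Hostnames, ports and
the message text below are illustrative assumptions.
"""
import socket
from datetime import datetime, timezone

# Facility and severity codes from RFC 5424 section 6.2.1.
FACILITY_LOCAL0 = 16
SEVERITY_INFO = 6


def build_rfc5424(msg, hostname="fw-test", appname="syslog-check",
                  facility=FACILITY_LOCAL0, severity=SEVERITY_INFO, ts=None):
    """Return an RFC 5424 syslog line. PRI = facility * 8 + severity."""
    pri = facility * 8 + severity
    if ts is None:
        ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    # <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
    return f"<{pri}>1 {ts} {hostname} {appname} - - - {msg}"


def parse_pri(line):
    """Decode the leading <PRI> back into (facility, severity).

    Raises ValueError on malformed input so a collector that mangles the
    header is noticed instead of silently accepted.
    """
    if not line.startswith("<") or ">" not in line[:6]:
        raise ValueError("missing PRI")
    pri = int(line[1:line.index(">")])
    if not 0 <= pri <= 191:          # 23 facilities * 8 + 7 severities
        raise ValueError("PRI out of range")
    return divmod(pri, 8)


def send_syslog(line, host="collector.example.internal", port=514,
                proto="udp", timeout=3):
    """Send one syslog line over UDP (one datagram) or TCP (newline-framed)."""
    data = line.encode("utf-8")
    if proto == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(data, (host, port))
    elif proto == "tcp":
        with socket.create_connection((host, port), timeout=timeout) as s:
            # Non-transparent framing (RFC 6587 3.4.2): one record per line.
            s.sendall(data + b"\n")
    else:
        raise ValueError(f"unknown transport: {proto}")


def loopback_check(msg="test message from source onboarding"):
    """Stand-in for the collector: bind a UDP socket on 127.0.0.1, send the
    line to it, and return (sent_line, received_line, (facility, severity)).
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))       # ephemeral port; no root needed
        rx.settimeout(3)
        port = rx.getsockname()[1]
        line = build_rfc5424(msg)
        send_syslog(line, host="127.0.0.1", port=port, proto="udp")
        received, _ = rx.recvfrom(65535)
    received = received.decode("utf-8")
    return line, received, parse_pri(received)


if __name__ == "__main__":
    sent, got, (fac, sev) = loopback_check()
    print("sent    :", sent)
    print("received:", got)
    print(f"facility={fac} severity={sev}")
    # Against the real collector, point send_syslog at it and then look for
    # the line in Data View > Default View filtered on the new source, e.g.:
    # send_syslog(build_rfc5424("test"), host="<collector-ip>", port=514, proto="udp")
```

Run it once against the loopback listener to confirm the message format, then change `host` to the collector's address and the `hostname` argument to the value your source was registered with; the line should show up in the live stream described above. If the UDP send "succeeds" but nothing appears in Data View, that is expected behaviour for an unreachable UDP port, so repeat the test with `proto="tcp"`, which fails loudly when the collector is not listening.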