[{"data":1,"prerenderedAt":1532},["ShallowReactive",2],{"navigation":3,"/en/reports/scheduled-reports":411,"/en/reports/scheduled-reports-surround":433},[4,218],{"title":5,"_path":6,"children":7},"En","/en",[8,29,35,67,77,87,105,130,148,155,162,178,190],{"title":9,"_path":10,"children":11},"Getting Started","/en/getting-started",[12,14,17,20,23,26],{"title":13,"_path":10},"Introduction",{"title":15,"_path":16},"Quick Start","/en/getting-started/quickstart",{"title":18,"_path":19},"Installation on Docker Standalone","/en/getting-started/dockerstandalone",{"title":21,"_path":22},"Installation on Docker Swarm","/en/getting-started/dockerswarm",{"title":24,"_path":25},"Installation on Windows","/en/getting-started/windows",{"title":27,"_path":28},"Installation on Linux","/en/getting-started/linux",{"title":30,"_path":31,"children":32},"Dashboard","/en/dashboard",[33],{"title":30,"_path":34},"/en/dashboard/dashboard",{"title":36,"_path":37,"children":38},"Datacollector","/en/datacollector",[39,42,45],{"title":40,"_path":41},"Data View","/en/datacollector/view",{"title":43,"_path":44},"Management","/en/datacollector/management",{"title":46,"_path":47,"children":48},"Vendors","/en/datacollector/vendors",[49,52,55,58,61,64],{"title":50,"_path":51},"Default Syslog Configuration","/en/datacollector/vendors/default",{"title":53,"_path":54},"FortiGate Syslog Configuration","/en/datacollector/vendors/fortigate-syslog",{"title":56,"_path":57},"Palo Alto Syslog Configuration","/en/datacollector/vendors/palo-alto-syslog",{"title":59,"_path":60},"Ruijie Syslog Configuration","/en/datacollector/vendors/ruijie-syslog",{"title":62,"_path":63},"Sophos Syslog Configuration","/en/datacollector/vendors/sophos-syslog",{"title":65,"_path":66},"SonicWall Syslog Configuration","/en/datacollector/vendors/sonicwall-syslog",{"title":68,"_path":69,"children":70},"Reports","/en/reports",[71,74],{"title":72,"_path":73},"Reports Views","/en/reports/view",{"title":75,"_path":76},"Scheduled 
Reports","/en/reports/scheduled-reports",{"title":78,"_path":79,"children":80},"Alert","/en/alert",[81,84],{"title":82,"_path":83},"Rule Management","/en/alert/rule-management",{"title":85,"_path":86},"Notification Policy","/en/alert/notification-policy",{"title":88,"_path":89,"children":90},"Hotspot","/en/hotspot",[91,93,96,99,102],{"title":13,"_path":92},"/en/hotspot/introduction",{"title":94,"_path":95},"Location","/en/hotspot/locations",{"title":97,"_path":98},"Templates","/en/hotspot/templates",{"title":100,"_path":101},"User Activity","/en/hotspot/user-stats",{"title":103,"_path":104},"Black & White List","/en/hotspot/bw-list",{"title":106,"_path":107,"children":108},"Integrations","/en/integrations",[109,112,115,118,121,124,127],{"title":110,"_path":111},"SMTP Server","/en/integrations/smtp",{"title":113,"_path":114},"SMS Provider","/en/integrations/sms",{"title":116,"_path":117},"PMS Integration","/en/integrations/pms",{"title":119,"_path":120},"LDAP Integration","/en/integrations/ldap",{"title":122,"_path":123},"API Integration","/en/integrations/api",{"title":125,"_path":126},"NTP Server Integration","/en/integrations/ntp",{"title":128,"_path":129},"Timestamp Server Integration","/en/integrations/time-stamp-server",{"title":43,"_path":131,"children":132},"/en/management",[133,136,139,142,145],{"title":134,"_path":135},"Data Management","/en/management/data-management",{"title":137,"_path":138},"Contact Management","/en/management/contact-management",{"title":140,"_path":141},"Object Management","/en/management/object",{"title":143,"_path":144},"Command Line Interface","/en/management/command-line-interface",{"title":146,"_path":147},"Disk Capacity Planning Formula","/en/management/disk-management",{"title":149,"_path":150,"children":151},"License","/en/license",[152],{"title":153,"_path":154},"License & Agents","/en/license/license",{"title":156,"_path":157,"children":158},"User 
Authentication","/en/user-authentication",[159],{"title":160,"_path":161},"User & Authentication ","/en/user-authentication/user-authentication",{"title":163,"_path":164,"children":165},"System","/en/system",[166,169,172,175],{"title":167,"_path":168},"Administrator Management","/en/system/administrator",{"title":170,"_path":171},"Feature Visibility","/en/system/features-visibility",{"title":173,"_path":174},"Update","/en/system/update",{"title":176,"_path":177},"System Settings","/en/system/settings",{"title":179,"_path":180,"children":181},"Practice","/en/practice",[182,185,187],{"title":183,"_path":184},"Top Bandwidth Usage","/en/practice/topbantwidthusage",{"title":183,"_path":186},"/en/practice/most-visited-websites",{"title":188,"_path":189},"Inspect Blocked Traffic","/en/practice/inspect-blocked-traffic",{"title":191,"_path":192,"children":193},"Blog","/en/blog",[194,197,200,203,206,209,212,215],{"title":195,"_path":196},"Load Balance Configuration with Docker Swarm","/en/blog/load-balance-config",{"title":198,"_path":199},"Getting Started with the AI Module","/en/blog/ai-module",{"title":201,"_path":202},"How To Config Fortigate Syslog","/en/blog/how-to-config-fortigate-syslog",{"title":204,"_path":205},"How To Config Paloalto Syslog","/en/blog/how-to-config-paloalto-syslog",{"title":207,"_path":208},"How To Config Sophos Syslog","/en/blog/how-to-config-sophos-syslog",{"title":210,"_path":211},"Installing MinIO on Linux Server","/en/blog/minio-install",{"title":213,"_path":214},"Docker Desktop On Windows","/en/blog/docker-desktop-on-windows",{"title":216,"_path":217},"Installing Docker on Ubuntu Server","/en/blog/docker-on-ubuntu-server",{"title":219,"_path":220,"children":221},"Tr","/tr",[222,242,247,275,284,293,310,333,350,356,361,375,387],{"title":223,"_path":224,"children":225},"Giriş","/tr/getting-started",[226,227,230,233,236,239],{"title":223,"_path":224},{"title":228,"_path":229},"Hızlı 
Başlangıç","/tr/getting-started/quickstart",{"title":231,"_path":232},"Docker Standalone Üzerine Kurulum","/tr/getting-started/dockerstandalone",{"title":234,"_path":235},"Docker Swarm Üzerinde Kurulum","/tr/getting-started/dockerswarm",{"title":237,"_path":238},"Windows'ta Kurulum","/tr/getting-started/windows",{"title":240,"_path":241},"Linux'ta Kurulum","/tr/getting-started/linux",{"title":30,"_path":243,"children":244},"/tr/dashboard",[245],{"title":30,"_path":246},"/tr/dashboard/dashboard",{"title":36,"_path":248,"children":249},"/tr/datacollector",[250,252,254],{"title":40,"_path":251},"/tr/datacollector/view",{"title":43,"_path":253},"/tr/datacollector/management",{"title":46,"_path":255,"children":256},"/tr/datacollector/vendors",[257,260,263,266,269,272],{"title":258,"_path":259},"Varsayılan Syslog Yapılandırması","/tr/datacollector/vendors/default",{"title":261,"_path":262},"FortiGate Syslog Yapılandırması","/tr/datacollector/vendors/fortigate-syslog",{"title":264,"_path":265},"Palo Alto Syslog Yapılandırması","/tr/datacollector/vendors/palo-alto-syslog",{"title":267,"_path":268},"Ruijie Syslog Yapılandırması","/tr/datacollector/vendors/ruijie-syslog",{"title":270,"_path":271},"Sophos Syslog Yapılandırması","/tr/datacollector/vendors/sophos-syslog",{"title":273,"_path":274},"SonicWall Syslog Yapılandırması","/tr/datacollector/vendors/sonicwall-syslog",{"title":68,"_path":276,"children":277},"/tr/reports",[278,281],{"title":279,"_path":280},"Rapor Görünümleri","/tr/reports/view",{"title":282,"_path":283},"Planlanmış Raporlar","/tr/reports/scheduled-reports",{"title":78,"_path":285,"children":286},"/tr/alert",[287,290],{"title":288,"_path":289},"Kural Yönetimi","/tr/alert/rule-management",{"title":291,"_path":292},"Bildirim 
Politikası","/tr/alert/notification-policy",{"title":88,"_path":294,"children":295},"/tr/hotspot",[296,298,301,304,307],{"title":223,"_path":297},"/tr/hotspot/introduction",{"title":299,"_path":300},"Konum","/tr/hotspot/locations",{"title":302,"_path":303},"Şablonlar","/tr/hotspot/templates",{"title":305,"_path":306},"Kullanıcı Etkinliği","/tr/hotspot/user-stats",{"title":308,"_path":309},"Kara ve Beyaz Liste","/tr/hotspot/bw-list",{"title":106,"_path":311,"children":312},"/tr/integrations",[313,315,318,321,324,327,330],{"title":110,"_path":314},"/tr/integrations/smtp",{"title":316,"_path":317},"SMS Sağlayıcı","/tr/integrations/sms",{"title":319,"_path":320},"Pms","/tr/integrations/pms",{"title":322,"_path":323},"LDAP Entegrasyonu","/tr/integrations/ldap",{"title":325,"_path":326},"API Entegrasyonu","/tr/integrations/api",{"title":328,"_path":329},"NTP Sunucu Entegrasyonu","/tr/integrations/ntp",{"title":331,"_path":332},"Zaman Damgası Sunucusu Entegrasyonu","/tr/integrations/time-stamp-server",{"title":43,"_path":334,"children":335},"/tr/management",[336,339,342,345,347],{"title":337,"_path":338},"Veri Yönetimi","/tr/management/data-management",{"title":340,"_path":341},"İletişim Yönetimi","/tr/management/contact-management",{"title":343,"_path":344},"Nesne Yönetimi","/tr/management/object",{"title":143,"_path":346},"/tr/management/command-line-interface",{"title":348,"_path":349},"Disk Kapasite Planlama Formülü","/tr/management/disk-management",{"title":149,"_path":351,"children":352},"/tr/license",[353],{"title":354,"_path":355},"Lisans ve Ajanlar","/tr/license/license",{"title":156,"_path":357,"children":358},"/tr/user-authentication",[359],{"title":156,"_path":360},"/tr/user-authentication/user-authentication",{"title":163,"_path":362,"children":363},"/tr/system",[364,367,370,372],{"title":365,"_path":366},"Yönetici Yönetimi","/tr/system/administrator",{"title":368,"_path":369},"Özellik 
Görünürlüğü","/tr/system/features-visibility",{"title":173,"_path":371},"/tr/system/update",{"title":373,"_path":374},"Sistem Ayarları","/tr/system/settings",{"title":179,"_path":376,"children":377},"/tr/practice",[378,381,384],{"title":379,"_path":380},"En Yüksek Bandwidth Kullanımı","/tr/practice/topbantwidthusage",{"title":382,"_path":383},"Top Bandwidth Kullanımı","/tr/practice/most-visited-websites",{"title":385,"_path":386},"Engellenen Trafiği İncele","/tr/practice/inspect-blocked-traffic",{"title":191,"_path":388,"children":389},"/tr/blog",[390,393,396,398,400,402,405,408],{"title":391,"_path":392},"Docker Swarm ile Yük Dengeleme Yapılandırması","/tr/blog/load-balance-config",{"title":394,"_path":395},"AI Modülü ile Başlarken","/tr/blog/ai-module",{"title":201,"_path":397},"/tr/blog/how-to-config-fortigate-syslog",{"title":204,"_path":399},"/tr/blog/how-to-config-paloalto-syslog",{"title":207,"_path":401},"/tr/blog/how-to-config-sophos-syslog",{"title":403,"_path":404},"Minio Install","/tr/blog/minio-install",{"title":406,"_path":407},"Windows'ta Docker Desktop","/tr/blog/docker-desktop-on-windows",{"title":409,"_path":410},"Ubuntu Server'da Docker Kurulumu","/tr/blog/docker-on-ubuntu-server",{"_path":76,"_dir":412,"_draft":413,"_partial":413,"_locale":414,"title":75,"description":415,"body":416,"_type":427,"_id":428,"_source":429,"_file":430,"_stem":431,"_extension":432},"reports",false,"","This section provides information about the scheduled report module of the Logger 
software.",{"type":417,"children":418,"toc":424},"root",[419],{"type":420,"tag":421,"props":422,"children":423},"element","timeline",{},[],{"title":414,"searchDepth":425,"depth":425,"links":426},2,[],"markdown","content:en:4.reports:3.scheduled-reports.md","content","en/4.reports/3.scheduled-reports.md","en/4.reports/3.scheduled-reports","md",[434,780],{"_path":73,"_dir":412,"_draft":413,"_partial":413,"_locale":414,"title":72,"description":435,"body":436,"_type":427,"_id":777,"_source":429,"_file":778,"_stem":779,"_extension":432},"This section provides information about the report module of the Logger software.",{"type":417,"children":437,"toc":761},[438,446,452,457,462,468,473,480,526,532,550,556,561,567,592,598,603,609,614],{"type":420,"tag":439,"props":440,"children":442},"h2",{"id":441},"what-is-report-module-️",[443],{"type":444,"value":445},"text","What Is Report Module ? 🤷‍♂️",{"type":420,"tag":447,"props":448,"children":449},"p",{},[450],{"type":444,"value":451},"The Reporting module provides various types of reports by categorizing live logs based on their log types. Each generated report can be interpreted with the help of the AI assistant. The Dataview page shows the data in rows, while the Report View page shows the data grouped and then aggregated. This way you can see very large data in bulk.",{"type":420,"tag":447,"props":453,"children":454},{},[455],{"type":444,"value":456},"In order for a report type to be generated, the corresponding log data must be sent by your device. For example, if you want to identify which websites a user generates the most traffic to, Web traffic must be detected and logged by the firewall.",{"type":420,"tag":447,"props":458,"children":459},{},[460],{"type":444,"value":461},"This detection is typically handled through specific security policies applied on your security devices. 
The exact configuration of these policies may vary depending on the vendor and model of the device in use.",{"type":420,"tag":439,"props":463,"children":465},{"id":464},"manage-report-view",[466],{"type":444,"value":467},"Manage Report View 👨‍💼",{"type":420,"tag":447,"props":469,"children":470},{},[471],{"type":444,"value":472},"The Report View page has some features, follow the sections below to learn about these features;",{"type":420,"tag":474,"props":475,"children":477},"h3",{"id":476},"filters",[478],{"type":444,"value":479},"Filters 🔡",{"type":420,"tag":481,"props":482,"children":483},"ul",{},[484,496],{"type":420,"tag":485,"props":486,"children":487},"li",{},[488,494],{"type":420,"tag":489,"props":490,"children":491},"strong",{},[492],{"type":444,"value":493},"Sources:",{"type":444,"value":495}," Select the data sources you are adding here.",{"type":420,"tag":485,"props":497,"children":498},{},[499,504,506,511,513,518,520,524],{"type":420,"tag":489,"props":500,"children":501},{},[502],{"type":444,"value":503},"Reports Type:",{"type":444,"value":505}," The section just below the ",{"type":420,"tag":489,"props":507,"children":508},{},[509],{"type":444,"value":510},"Sources",{"type":444,"value":512}," heading shows the report you have selected. You can select the report with the ",{"type":420,"tag":489,"props":514,"children":515},{},[516],{"type":444,"value":517},"Select Report",{"type":444,"value":519}," button. When you click the ",{"type":420,"tag":489,"props":521,"children":522},{},[523],{"type":444,"value":517},{"type":444,"value":525}," button, you will see report types based on category. 
After selecting the report type you want to review, the chart section will take shape.",{"type":420,"tag":474,"props":527,"children":529},{"id":528},"group-options",[530],{"type":444,"value":531},"Group Options",{"type":420,"tag":447,"props":533,"children":534},{},[535,537,541,543,548],{"type":444,"value":536},"After selecting the report type, you will see charts and ",{"type":420,"tag":489,"props":538,"children":539},{},[540],{"type":444,"value":531},{"type":444,"value":542},". Predefined group options will appear in the section below the chart according to the report type you have selected. You can also ",{"type":420,"tag":489,"props":544,"children":545},{},[546],{"type":444,"value":547},"drill down",{"type":444,"value":549}," a report you have selected and see the sub details.",{"type":420,"tag":474,"props":551,"children":553},{"id":552},"tab",[554],{"type":444,"value":555},"Tab 📑",{"type":420,"tag":447,"props":557,"children":558},{},[559],{"type":444,"value":560},"You can search multiple reports at the same time in separate tabs.",{"type":420,"tag":474,"props":562,"children":564},{"id":563},"date-filtering-️",[565],{"type":444,"value":566},"Date Filtering 🗓️",{"type":420,"tag":447,"props":568,"children":569},{},[570,572,577,579,584,585,590],{"type":444,"value":571},"You can search for reports between two dates using the Start date and End date properties. 
You can also use predefined time intervals such as ",{"type":420,"tag":489,"props":573,"children":574},{},[575],{"type":444,"value":576},"Today so far",{"type":444,"value":578},", ",{"type":420,"tag":489,"props":580,"children":581},{},[582],{"type":444,"value":583},"This Week",{"type":444,"value":578},{"type":420,"tag":489,"props":586,"children":587},{},[588],{"type":444,"value":589},"This Year",{"type":444,"value":591},".",{"type":420,"tag":474,"props":593,"children":595},{"id":594},"time-filtering-️",[596],{"type":444,"value":597},"Time Filtering 🕰️",{"type":420,"tag":447,"props":599,"children":600},{},[601],{"type":444,"value":602},"Using the top bar you can add filters based on hours and seconds. This way you can see all the data in a given time range. Click and drag the mouse to use the top bar.",{"type":420,"tag":474,"props":604,"children":606},{"id":605},"search",[607],{"type":444,"value":608},"Search",{"type":420,"tag":447,"props":610,"children":611},{},[612],{"type":444,"value":613},"Makes it easy to search for data within reports.",{"type":420,"tag":615,"props":616,"children":620},"u-card",{"className":617},[618,619],"mt-4:bg-gray-100","dark:bg-gray-800",[621,627,642,647,652,685,702,708,713],{"type":420,"tag":439,"props":622,"children":624},{"id":623},"how-to-use",[625],{"type":444,"value":626},"How To Use ? 
🤔",{"type":420,"tag":447,"props":628,"children":629},{},[630,632,640],{"type":444,"value":631},"Go to ",{"type":420,"tag":633,"props":634,"children":637},"u-badge",{"color":635,"variant":636},"primary","soft",[638],{"type":444,"value":639},"Reports > Report View > Default View",{"type":444,"value":641}," to make various edits to the Report View page.",{"type":420,"tag":474,"props":643,"children":645},{"id":644},"select-report",[646],{"type":444,"value":517},{"type":420,"tag":447,"props":648,"children":649},{},[650],{"type":444,"value":651},"Follow the steps below to add a new report;",{"type":420,"tag":481,"props":653,"children":654},{},[655,664,675],{"type":420,"tag":485,"props":656,"children":657},{},[658,660],{"type":444,"value":659},"Select your device from the ",{"type":420,"tag":633,"props":661,"children":662},{"color":635,"variant":636},[663],{"type":444,"value":510},{"type":420,"tag":485,"props":665,"children":666},{},[667,669,673],{"type":444,"value":668},"Then click on the ",{"type":420,"tag":633,"props":670,"children":671},{"color":635,"variant":636},[672],{"type":444,"value":517},{"type":444,"value":674}," button.",{"type":420,"tag":485,"props":676,"children":677},{},[678,680],{"type":444,"value":679},"Select the report you need from the ",{"type":420,"tag":633,"props":681,"children":682},{"color":635,"variant":636},[683],{"type":444,"value":684},"Report Templates",{"type":420,"tag":686,"props":687,"children":689},"callout",{"icon":688},"i-heroicons-information-circle",[690],{"type":420,"tag":447,"props":691,"children":692},{},[693,695,700],{"type":444,"value":694},"You can access different reports by selecting one of the grouping options. 
If you want, you can activate the drill down feature by clicking the ",{"type":420,"tag":633,"props":696,"children":697},{"color":635,"variant":636},[698],{"type":444,"value":699},"greater than(>)",{"type":444,"value":701}," button on the left of the table.",{"type":420,"tag":474,"props":703,"children":705},{"id":704},"select-report-many-days",[706],{"type":444,"value":707},"Select Report (Many Days) 🔎",{"type":420,"tag":447,"props":709,"children":710},{},[711],{"type":444,"value":712},"The operations we have done so far only return data for one day. To filter data for a specific day or to filter and search for data between two dates, follow the steps below;",{"type":420,"tag":481,"props":714,"children":715},{},[716,724,750],{"type":420,"tag":485,"props":717,"children":718},{},[719,720],{"type":444,"value":679},{"type":420,"tag":633,"props":721,"children":722},{"color":635,"variant":636},[723],{"type":444,"value":684},{"type":420,"tag":485,"props":725,"children":726},{},[727,729,734,736,741,743,748],{"type":444,"value":728},"Then, select a specific date from the column ",{"type":420,"tag":633,"props":730,"children":731},{"color":635,"variant":636},[732],{"type":444,"value":733},"calendar",{"type":444,"value":735}," in the top left corner. 
Or you can search between two dates by selecting ",{"type":420,"tag":489,"props":737,"children":738},{},[739],{"type":444,"value":740},"Custom",{"type":444,"value":742}," from the ",{"type":420,"tag":633,"props":744,"children":745},{"color":635,"variant":636},[746],{"type":444,"value":747},"column",{"type":444,"value":749}," date filter menu.",{"type":420,"tag":485,"props":751,"children":752},{},[753,755,759],{"type":444,"value":754},"Then press the ",{"type":420,"tag":633,"props":756,"children":757},{"color":635,"variant":636},[758],{"type":444,"value":605},{"type":444,"value":760}," button in the top right corner.",{"title":414,"searchDepth":425,"depth":425,"links":762},[763,764,773],{"id":441,"depth":425,"text":445},{"id":464,"depth":425,"text":467,"children":765},[766,768,769,770,771,772],{"id":476,"depth":767,"text":479},3,{"id":528,"depth":767,"text":531},{"id":552,"depth":767,"text":555},{"id":563,"depth":767,"text":566},{"id":594,"depth":767,"text":597},{"id":605,"depth":767,"text":608},{"id":623,"depth":425,"text":626,"children":774},[775,776],{"id":644,"depth":767,"text":517},{"id":704,"depth":767,"text":707},"content:en:4.reports:2.view.md","en/4.reports/2.view.md","en/4.reports/2.view",{"_path":83,"_dir":781,"_draft":413,"_partial":413,"_locale":414,"title":82,"description":782,"body":783,"_type":427,"_id":1529,"_source":429,"_file":1530,"_stem":1531,"_extension":432},"alert","This section provides information about the use of Alert notifications in the Logger software.",{"type":417,"children":784,"toc":1511},[785,791,796,802,808,813,876,882,887,920,926,931,954,960,993,999,1004,1011,1054,1060,1065,1108,1113,1119,1124,1155,1161,1166,1185,1190,1196,1237],{"type":420,"tag":439,"props":786,"children":788},{"id":787},"what-is-alert-module-️",[789],{"type":444,"value":790},"What Is Alert Module ? 
🤷‍♂️",{"type":420,"tag":447,"props":792,"children":793},{},[794],{"type":444,"value":795},"Alert module is the real-time threat detection and warning component of the network SIEM system. It analyzes multi-source log data using a rule-based detection engine and detects security events according to predefined rules.",{"type":420,"tag":439,"props":797,"children":799},{"id":798},"rule-management",[800],{"type":444,"value":801},"Rule Management 👨‍💼",{"type":420,"tag":474,"props":803,"children":805},{"id":804},"rule-categories-️",[806],{"type":444,"value":807},"Rule Categories 🏷️",{"type":420,"tag":447,"props":809,"children":810},{},[811],{"type":444,"value":812},"Alert module uses a rule structure categorized according to security scenarios:",{"type":420,"tag":481,"props":814,"children":815},{},[816,826,836,846,856,866],{"type":420,"tag":485,"props":817,"children":818},{},[819,824],{"type":420,"tag":489,"props":820,"children":821},{},[822],{"type":444,"value":823},"Network Security:",{"type":444,"value":825}," Network anomaly and attack pattern detection",{"type":420,"tag":485,"props":827,"children":828},{},[829,834],{"type":420,"tag":489,"props":830,"children":831},{},[832],{"type":444,"value":833},"Data Leakage Prevention:",{"type":444,"value":835}," Data leakage and unauthorized data transfer detection",{"type":420,"tag":485,"props":837,"children":838},{},[839,844],{"type":420,"tag":489,"props":840,"children":841},{},[842],{"type":444,"value":843},"Insider Threats:",{"type":444,"value":845}," Insider threat and reconnaissance activity detection",{"type":420,"tag":485,"props":847,"children":848},{},[849,854],{"type":420,"tag":489,"props":850,"children":851},{},[852],{"type":444,"value":853},"Authentication & Access:",{"type":444,"value":855}," Authentication anomaly and privilege escalation detection",{"type":420,"tag":485,"props":857,"children":858},{},[859,864],{"type":420,"tag":489,"props":860,"children":861},{},[862],{"type":444,"value":863},"Malware & 
Threats:",{"type":444,"value":865}," Malware communication and suspicious process detection",{"type":420,"tag":485,"props":867,"children":868},{},[869,874],{"type":420,"tag":489,"props":870,"children":871},{},[872],{"type":444,"value":873},"Custom Rule:",{"type":444,"value":875}," You can create categories manually",{"type":420,"tag":474,"props":877,"children":879},{"id":878},"rule-status",[880],{"type":444,"value":881},"Rule Status ၊၊||၊",{"type":420,"tag":447,"props":883,"children":884},{},[885],{"type":444,"value":886},"Rules can exist in three basic states:",{"type":420,"tag":481,"props":888,"children":889},{},[890,900,910],{"type":420,"tag":485,"props":891,"children":892},{},[893,898],{"type":420,"tag":489,"props":894,"children":895},{},[896],{"type":444,"value":897},"Active:",{"type":444,"value":899}," Rule is actively monitoring",{"type":420,"tag":485,"props":901,"children":902},{},[903,908],{"type":420,"tag":489,"props":904,"children":905},{},[906],{"type":444,"value":907},"Inactive:",{"type":444,"value":909}," Rule defined but not working",{"type":420,"tag":485,"props":911,"children":912},{},[913,918],{"type":420,"tag":489,"props":914,"children":915},{},[916],{"type":444,"value":917},"Template:",{"type":444,"value":919}," Ready-made template, ready to customize",{"type":420,"tag":474,"props":921,"children":923},{"id":922},"template-system",[924],{"type":444,"value":925},"Template System 📌",{"type":420,"tag":447,"props":927,"children":928},{},[929],{"type":444,"value":930},"The template system provides a collection of ready-made rules that reflect the best practices of the security community. 
Its template:",{"type":420,"tag":481,"props":932,"children":933},{},[934,939,944,949],{"type":420,"tag":485,"props":935,"children":936},{},[937],{"type":444,"value":938},"Optimized vendor-specific log format",{"type":420,"tag":485,"props":940,"children":941},{},[942],{"type":444,"value":943},"Comes with pre-configured risk scoring",{"type":420,"tag":485,"props":945,"children":946},{},[947],{"type":444,"value":948},"Includes production-ready sensing logic",{"type":420,"tag":485,"props":950,"children":951},{},[952],{"type":444,"value":953},"Ready for immediate deployment",{"type":420,"tag":474,"props":955,"children":957},{"id":956},"template-examples-️",[958],{"type":444,"value":959},"Template Examples ✍️",{"type":420,"tag":481,"props":961,"children":962},{},[963,973,983],{"type":420,"tag":485,"props":964,"children":965},{},[966,971],{"type":420,"tag":489,"props":967,"children":968},{},[969],{"type":444,"value":970},"AnomalousAPI:",{"type":444,"value":972}," Detects API abuse patterns. Captures excessive API call frequency, unusual endpoint access and potential scraping activities",{"type":420,"tag":485,"props":974,"children":975},{},[976,981],{"type":420,"tag":489,"props":977,"children":978},{},[979],{"type":444,"value":980},"ConsistentBeaconing:",{"type":444,"value":982}," Detects regular network connectivity patterns that indicate malware command and control communications",{"type":420,"tag":485,"props":984,"children":985},{},[986,991],{"type":420,"tag":489,"props":987,"children":988},{},[989],{"type":444,"value":990},"ExcessiveFileDownloads:",{"type":444,"value":992}," Monitors data hoarding and unauthorized bulk data collection activities",{"type":420,"tag":474,"props":994,"children":996},{"id":995},"custom-rule-engine",[997],{"type":444,"value":998},"Custom Rule Engine 🔧",{"type":420,"tag":447,"props":1000,"children":1001},{},[1002],{"type":444,"value":1003},"The custom rule engine offers a comprehensive configuration interface for flexible rule 
creation.",{"type":420,"tag":1005,"props":1006,"children":1008},"h4",{"id":1007},"rule-components",[1009],{"type":444,"value":1010},"Rule Components 🔩",{"type":420,"tag":481,"props":1012,"children":1013},{},[1014,1024,1034,1044],{"type":420,"tag":485,"props":1015,"children":1016},{},[1017,1022],{"type":420,"tag":489,"props":1018,"children":1019},{},[1020],{"type":444,"value":1021},"Basic Configuration:",{"type":444,"value":1023}," Basic definition is made with rule name, description and source selection. Source selection determines which vendor log flows will be analyzed.",{"type":420,"tag":485,"props":1025,"children":1026},{},[1027,1032],{"type":420,"tag":489,"props":1028,"children":1029},{},[1030],{"type":444,"value":1031},"Risk Scoring:",{"type":444,"value":1033}," Dynamic scoring system between 1-10. Score determines alert priority and response strategy.",{"type":420,"tag":485,"props":1035,"children":1036},{},[1037,1042],{"type":420,"tag":489,"props":1038,"children":1039},{},[1040],{"type":444,"value":1041},"Column Filters:",{"type":444,"value":1043}," Multi-conditional filtering system. Complex condition sets can be created with logical operators.",{"type":420,"tag":485,"props":1045,"children":1046},{},[1047,1052],{"type":420,"tag":489,"props":1048,"children":1049},{},[1050],{"type":444,"value":1051},"Aggregation Operations:",{"type":444,"value":1053}," Time window based calculations. 
Trend analysis is done with operations such as count, sum, average.",{"type":420,"tag":474,"props":1055,"children":1057},{"id":1056},"filter-system-️",[1058],{"type":444,"value":1059},"Filter System 🌪️",{"type":420,"tag":447,"props":1061,"children":1062},{},[1063],{"type":444,"value":1064},"The filter engine uses field-based conditional logic:",{"type":420,"tag":481,"props":1066,"children":1067},{},[1068,1078,1088,1098],{"type":420,"tag":485,"props":1069,"children":1070},{},[1071,1076],{"type":420,"tag":489,"props":1072,"children":1073},{},[1074],{"type":444,"value":1075},"Equal/Inequal:",{"type":444,"value":1077}," Exact match conditions",{"type":420,"tag":485,"props":1079,"children":1080},{},[1081,1086],{"type":420,"tag":489,"props":1082,"children":1083},{},[1084],{"type":444,"value":1085},"Includes/Excludes:",{"type":444,"value":1087}," Pattern matching",{"type":420,"tag":485,"props":1089,"children":1090},{},[1091,1096],{"type":420,"tag":489,"props":1092,"children":1093},{},[1094],{"type":444,"value":1095},"Empty/Not Empty:",{"type":444,"value":1097}," Field entity validation",{"type":420,"tag":485,"props":1099,"children":1100},{},[1101,1106],{"type":420,"tag":489,"props":1102,"children":1103},{},[1104],{"type":444,"value":1105},"Bigger/Smaller:",{"type":444,"value":1107}," Numerical comparisons",{"type":420,"tag":447,"props":1109,"children":1110},{},[1111],{"type":444,"value":1112},"Multiple filters can be combined with AND/OR logic.",{"type":420,"tag":474,"props":1114,"children":1116},{"id":1115},"aggregation-engine",[1117],{"type":444,"value":1118},"Aggregation Engine 🔗",{"type":420,"tag":447,"props":1120,"children":1121},{},[1122],{"type":444,"value":1123},"Aggregation engine for time series analysis:",{"type":420,"tag":447,"props":1125,"children":1126},{},[1127,1132,1134,1139,1141,1146,1148,1153],{"type":420,"tag":489,"props":1128,"children":1129},{},[1130],{"type":444,"value":1131},"Time Windows:",{"type":444,"value":1133}," Configurable analysis 
periods\n",{"type":420,"tag":489,"props":1135,"children":1136},{},[1137],{"type":444,"value":1138},"Totalizer Functions:",{"type":444,"value":1140}," Count, sum, average, min, max operations\n",{"type":420,"tag":489,"props":1142,"children":1143},{},[1144],{"type":444,"value":1145},"Grouping Fields:",{"type":444,"value":1147}," Field-based grouping for event categorization\n",{"type":420,"tag":489,"props":1149,"children":1150},{},[1151],{"type":444,"value":1152},"Threshold Conditions:",{"type":444,"value":1154}," Numerical thresholds for trigger points",{"type":420,"tag":439,"props":1156,"children":1158},{"id":1157},"alert-processing",[1159],{"type":444,"value":1160},"Alert Processing❗",{"type":420,"tag":447,"props":1162,"children":1163},{},[1164],{"type":444,"value":1165},"The alert processing pipeline operates in three stages:",{"type":420,"tag":1167,"props":1168,"children":1169},"ol",{},[1170,1175,1180],{"type":420,"tag":485,"props":1171,"children":1172},{},[1173],{"type":444,"value":1174},"Event Retrieval: Multi-source log collection and normalization",{"type":420,"tag":485,"props":1176,"children":1177},{},[1178],{"type":444,"value":1179},"Rule Evaluation: Real-time rule matching and condition checking",{"type":420,"tag":485,"props":1181,"children":1182},{},[1183],{"type":444,"value":1184},"Alert Generation: Risk scoring and notification triggering",{"type":420,"tag":447,"props":1186,"children":1187},{},[1188],{"type":444,"value":1189},"The processing engine uses in-memory operations for low latency and can handle high throughput log volumes.",{"type":420,"tag":439,"props":1191,"children":1193},{"id":1192},"use-cases-️",[1194],{"type":444,"value":1195},"Use Cases ✍️",{"type":420,"tag":447,"props":1197,"children":1198},{},[1199,1204,1206,1210,1215,1217,1220,1225,1227,1230,1235],{"type":420,"tag":489,"props":1200,"children":1201},{},[1202],{"type":444,"value":1203},"Network Anomaly Detection:",{"type":444,"value":1205}," Detects unusual traffic patterns, port 
scanning, lateral movement activities.",{"type":420,"tag":1207,"props":1208,"children":1209},"br",{},[],{"type":420,"tag":489,"props":1211,"children":1212},{},[1213],{"type":444,"value":1214},"Data Loss Prevention:",{"type":444,"value":1216}," Monitors excessive file downloads, unauthorized data access, bulk data transfer patterns.",{"type":420,"tag":1207,"props":1218,"children":1219},{},[],{"type":420,"tag":489,"props":1221,"children":1222},{},[1223],{"type":444,"value":1224},"Insider Threat Detection:",{"type":444,"value":1226}," Captures privilege escalation, reconnaissance activities, off-hours access patterns.",{"type":420,"tag":1207,"props":1228,"children":1229},{},[],{"type":420,"tag":489,"props":1231,"children":1232},{},[1233],{"type":444,"value":1234},"Compliance Monitoring:",{"type":444,"value":1236}," Provides audit trail generation and violation detection for regulatory requirements.",{"type":420,"tag":615,"props":1238,"children":1240},{"className":1239},[618,619],[1241,1245,1255,1261,1266,1427,1437,1441,1447,1452],{"type":420,"tag":439,"props":1242,"children":1243},{"id":623},[1244],{"type":444,"value":626},{"type":420,"tag":447,"props":1246,"children":1247},{},[1248,1250],{"type":444,"value":1249},"To create a rule on the Alert page, go to ",{"type":420,"tag":633,"props":1251,"children":1252},{"color":635,"variant":636},[1253],{"type":444,"value":1254},"Alert > Rule Management",{"type":420,"tag":474,"props":1256,"children":1258},{"id":1257},"create-custom-rule",[1259],{"type":444,"value":1260},"Create Custom Rule",{"type":420,"tag":447,"props":1262,"children":1263},{},[1264],{"type":444,"value":1265},"Follow the steps below to create a custom 
rule;",{"type":420,"tag":481,"props":1267,"children":1268},{},[1269,1286,1312,1331,1362,1401],{"type":420,"tag":485,"props":1270,"children":1271},{},[1272,1273,1278,1280,1285],{"type":444,"value":631},{"type":420,"tag":633,"props":1274,"children":1275},{"color":635,"variant":636},[1276],{"type":444,"value":1277},"Create New > Create Custom > Custom Rule",{"type":444,"value":1279}," and then click ",{"type":420,"tag":633,"props":1281,"children":1282},{"color":635,"variant":636},[1283],{"type":444,"value":1284},"Add",{"type":444,"value":674},{"type":420,"tag":485,"props":1287,"children":1288},{},[1289,1291,1296,1298,1303,1305,1310],{"type":444,"value":1290},"Write a ",{"type":420,"tag":633,"props":1292,"children":1293},{"color":635,"variant":636},[1294],{"type":444,"value":1295},"name",{"type":444,"value":1297}," and ",{"type":420,"tag":633,"props":1299,"children":1300},{"color":635,"variant":636},[1301],{"type":444,"value":1302},"description",{"type":444,"value":1304}," for the rule, then make sure the rule is in ",{"type":420,"tag":633,"props":1306,"children":1307},{"color":635,"variant":636},[1308],{"type":444,"value":1309},"Active",{"type":444,"value":1311}," state.",{"type":420,"tag":485,"props":1313,"children":1314},{},[1315,1317,1322,1324,1329],{"type":444,"value":1316},"Then select your data source in the ",{"type":420,"tag":633,"props":1318,"children":1319},{"color":635,"variant":636},[1320],{"type":444,"value":1321},"sources",{"type":444,"value":1323}," section and select the number of ",{"type":420,"tag":633,"props":1325,"children":1326},{"color":635,"variant":636},[1327],{"type":444,"value":1328},"scores",{"type":444,"value":1330}," at the bottom.",{"type":420,"tag":485,"props":1332,"children":1333},{},[1334,1336,1341,1343,1347,1349,1354,1356,1360],{"type":444,"value":1335},"In the ",{"type":420,"tag":633,"props":1337,"children":1338},{"color":635,"variant":636},[1339],{"type":444,"value":1340},"Column Filters",{"type":444,"value":1342}," section, select 
",{"type":420,"tag":633,"props":1344,"children":1345},{"color":635,"variant":636},[1346],{"type":444,"value":747},{"type":444,"value":1348},", then ",{"type":420,"tag":633,"props":1350,"children":1351},{"color":635,"variant":636},[1352],{"type":444,"value":1353},"operator",{"type":444,"value":1355}," and enter the appropriate ",{"type":420,"tag":633,"props":1357,"children":1358},{"color":635,"variant":636},[1359],{"type":444,"value":1340},{"type":444,"value":1361}," value for this scenario.",{"type":420,"tag":485,"props":1363,"children":1364},{},[1365,1366,1371,1373,1378,1380,1385,1387,1392,1394,1399],{"type":444,"value":1335},{"type":420,"tag":633,"props":1367,"children":1368},{"color":635,"variant":636},[1369],{"type":444,"value":1370},"Aggregate Operations",{"type":444,"value":1372}," section, enter an ",{"type":420,"tag":633,"props":1374,"children":1375},{"color":635,"variant":636},[1376],{"type":444,"value":1377},"Aggregator Name",{"type":444,"value":1379},". Then select the ",{"type":420,"tag":633,"props":1381,"children":1382},{"color":635,"variant":636},[1383],{"type":444,"value":1384},"Field",{"type":444,"value":1386}," and select the ",{"type":420,"tag":633,"props":1388,"children":1389},{"color":635,"variant":636},[1390],{"type":444,"value":1391},"Operation",{"type":444,"value":1393}," appropriate for the Field. 
Then select the appropriate ",{"type":420,"tag":633,"props":1395,"children":1396},{"color":635,"variant":636},[1397],{"type":444,"value":1398},"Time Windows",{"type":444,"value":1400}," duration for this scenario.",{"type":420,"tag":485,"props":1402,"children":1403},{},[1404,1406,1410,1412,1417,1419,1422,1424],{"type":444,"value":1405},"Finally, you can click the ",{"type":420,"tag":633,"props":1407,"children":1408},{"color":635,"variant":636},[1409],{"type":444,"value":1284},{"type":444,"value":1411}," button in the top ",{"type":420,"tag":633,"props":1413,"children":1414},{"color":635,"variant":636},[1415],{"type":444,"value":1416},"right corner",{"type":444,"value":1418}," and save the rule.",{"type":420,"tag":1207,"props":1420,"children":1421},{},[],{"type":444,"value":1423},"\n   ",{"type":420,"tag":1207,"props":1425,"children":1426},{},[],{"type":420,"tag":447,"props":1428,"children":1429},{},[1430,1435],{"type":420,"tag":489,"props":1431,"children":1432},{},[1433],{"type":444,"value":1434},"For Example:",{"type":444,"value":1436},"\nIn this example, the alert system generates an alarm when the number of failed SSH login attempts counted within a 60-second time window reaches the threshold configured in the rule.",{"type":420,"tag":1438,"props":1439,"children":1440},"siem-rule-builder",{},[],{"type":420,"tag":474,"props":1442,"children":1444},{"id":1443},"create-from-template",[1445],{"type":444,"value":1446},"Create From Template",{"type":420,"tag":447,"props":1448,"children":1449},{},[1450],{"type":444,"value":1451},"Follow the steps below to create a new rule using a ready-made template:",{"type":420,"tag":481,"props":1453,"children":1454},{},[1455,1477],{"type":420,"tag":485,"props":1456,"children":1457},{},[1458,1459,1464,1465,1470,1472,1476],{"type":444,"value":631},{"type":420,"tag":633,"props":1460,"children":1461},{"color":635,"variant":636},[1462],{"type":444,"value":1463},"Create New > Create from 
template",{"type":444,"value":591},{"type":420,"tag":633,"props":1466,"children":1467},{"color":635,"variant":636},[1468],{"type":444,"value":1469},"The Rule Templates",{"type":444,"value":1471}," page will welcome you. Select the template you need from this page and click the ",{"type":420,"tag":633,"props":1473,"children":1474},{"color":635,"variant":636},[1475],{"type":444,"value":1284},{"type":444,"value":674},{"type":420,"tag":485,"props":1478,"children":1479},{},[1480,1482,1486,1488],{"type":444,"value":1481},"The predefined rule template for you will appear in detail. You can edit it on this page if you want or you can leave it as default and click the ",{"type":420,"tag":633,"props":1483,"children":1484},{"color":635,"variant":636},[1485],{"type":444,"value":1284},{"type":444,"value":1487}," button.\n",{"type":420,"tag":686,"props":1489,"children":1491},{"icon":1490},"i-heroicons-exclamation-triangle",[1492],{"type":420,"tag":447,"props":1493,"children":1494},{},[1495,1497,1506,1508],{"type":444,"value":1496},"After finishing the rule definitions in the Alert module, you need to bind the alerts to a policy in the notification policy section. 
Go to the ",{"type":420,"tag":1498,"props":1499,"children":1503},"a",{"href":1500,"rel":1501},"/en/alert/notification-policy",[1502],"nofollow",[1504],{"type":444,"value":1505},"notification policy",{"type":444,"value":1507}," document for these operations.",{"type":420,"tag":1207,"props":1509,"children":1510},{},[],{"title":414,"searchDepth":425,"depth":425,"links":1512},[1513,1514,1523,1524,1525],{"id":787,"depth":425,"text":790},{"id":798,"depth":425,"text":801,"children":1515},[1516,1517,1518,1519,1520,1521,1522],{"id":804,"depth":767,"text":807},{"id":878,"depth":767,"text":881},{"id":922,"depth":767,"text":925},{"id":956,"depth":767,"text":959},{"id":995,"depth":767,"text":998},{"id":1056,"depth":767,"text":1059},{"id":1115,"depth":767,"text":1118},{"id":1157,"depth":425,"text":1160},{"id":1192,"depth":425,"text":1195},{"id":623,"depth":425,"text":626,"children":1526},[1527,1528],{"id":1257,"depth":767,"text":1260},{"id":1443,"depth":767,"text":1446},"content:en:5.alert:1.rule-management.md","en/5.alert/1.rule-management.md","en/5.alert/1.rule-management",1775654251490]