Monitor Events
open-appsec provides three views for monitoring system events:
Graphical Dashboard - graphical view of security events with Critical & High severity.
Important Events - tabular view of security events with Critical & High severity.
Notifications - tabular view of administrative system events.
Graphical Dashboard
The AppSec Dashboard is a single-pane view of important security events.
To reach the dashboard select Monitor, then AppSec Dashboard in the main menu.
Controls in the dashboard are clickable and will allow you to drill down and see granular event details.
Following is a description of the Dashboard sections:
You can right click on Dashboard items to drill down as well as "filter in" or "filter out":
Event Views
The Events view provides a tabular view of events with ability to select granular filter options (left pane in the image below), search queries and Time ranges.
Event Cards
When you double click on an event, a card shows details about the specific event.
Examples:
Time filters
You can filter events based on time ranges by clicking the time filter selector at the top left corner.
Event Query Language
CloudGuard AppSec features an extensive event query language. For more details see here:
Notifications
When browsing to Monitor->Notifications a specific log view is shown.
This view includes notifications to the user about an issue and a remediation action item, usually regarding detection of a configuration or environment issue open-appsec has detected around it.
The Log view includes a "Remediation" column where the instructions will be shown.
Urgent notifications, if there are any, will appear on the top bar of the application in any page, leading to this page for additional information.
Last updated
