Embedded Files
Getting started - First Login
Getting started - First Login
At first login you will need to choose one of the providers that your organization uses and your account has been created on.
The credentials are based on your organization policy so just use your connection method.
After a successful Login You will see the loading screen. When the sync finishes you will need to choose your company name.
Choose your company from the List “Customer”, and click Save.
Main Screen Introduction
Main Screen Introduction
At the bottom of the main screen, you will see 3 Tabs
Summary
Summary
At this screen, you can see a pie chart of all your alerts and perform a drill down to see specific alerts and get information about it.
Security Alerts
Security Alerts
In this screen, you can see all your Security alerts and take action by clicking on one of the alerts.
Audit Alerts
Audit Alerts
In this screen, you can see all your Audit alerts (Logins / users enabled / users created ETC…) and take action by clicking on one of the alerts.
Options Menu
Options Menu
Hosts
Hosts
On the Hosts screen, you will see a table of host names from your organization and an alerts count. You can perform a drill down to get more information about a specific host name and see what kind of alerts were triggered on it.
Users
Users
On the Users screen you will see a table of Users from your organization and an alerts count. You can perform a drill down for getting more information about a specific username and see what kind of alerts were triggered on it.
Report (New Feature Coming soon)
Report (New Feature Coming soon)
You have the option to generate reports to get more visibility on your company in many different aspects.
Active Rules
Active Rules
This is a rule (alert) list based on products that are being monitored from your organization. you can perform some useful actions from a specific alert.
Such as see number of times this alert has been triggered, change the stage of the alert and more.
Connectors
Connectors
Showing a list of connectors that report logs.
Connected Products
Connected Products
List of connected products that are being monitored.
Configuration
Configuration
From this screen you have the ability to edit your company’s information, add monitoring computers / groups / users, set a list of suspicious countries, add or modify the information by yourself even after the POC finishes.
App Config
App Config
From this screen you can decide what kind of content you want to see in your alert lists. Just click on the “Edit” icon and set your preferences.
Alert Sort Field
Received Time - Will sort alerts by the time the alert was received in the application.
Event Time - Will sort the alerts by the time the alerts were triggered in the computer.
Score - Will sort the alerts by score count.
Show Unread Alerts Only
All Alerts - Will show you all the alerts.
Unread Only - Will show the alerts that haven't been touched yet.
Show Mark as Deleted Alerts
Choose to show or not to show the alerts that you have marked as deleted.
Retention
Set the amount of days to show or not to show the marked as deleted alerts.
Settings(For Entities with few customers to monitor)
Settings(For Entities with few customers to monitor)
You have the option to choose between your monitored customers.
Alert action Buttons
Alert action Buttons
Exclusions
Exclusions
Choose which field/s you want to exclude from this kind of alerts so they won't trigger again.
We suggest writing down a comment so that in the future you can read it and remember why you did it.
If you don't see an exclusion option that you want to exclude, just click on a”Report a feedback” and write down what you want to add. We will check and reply to you with an answer.
Verdict
Verdict
Set a verdict to an alert to mark it based on how you decide to react on this alert.
This action will remove the alert from the alert list if you set in the “app config” option to sort by “unread only”.
Verdict will affect all application users.
Mark as read
Mark as read
This option will mark this alert as read and will remove it from the alert list if you set in the “app config” option to sort by “unread only”.
Mark as read will affect only you.
Report a feedback
Report a feedback
From here you can write to us about any missing data or suggestions to add information etc…
Mark as Delete
Mark as Delete
Will mark the alert as delete and the effect will be based on you preferences in the “App config - Show Mark as Deleted Alerts” option.
Alert Information
Alert Information
In Alert information you can make actions based on a specific alert such as:
See the count of how much this alert was triggered and make a drill down to investigate.
See a rule description
Change a rule stage.
Check the related exclusion list.
To access Alert information just click on the alert, and click on the alert name again.
Custom Rule (Alert) Staging
Custom Rule (Alert) Staging
You have the ability to change a stage to every rule (alert).
By default the alerts that have been triggered are in the “Active” stage.
If you want to stop getting a specific alert from some reason follow the next steps:
Get in to the alert
Click on the alert name again.
Under “Rule Information” you can see “Custom Rule Stage”
Click on “Add”
Choose one of the following:
Active - will make inactive rule active.
Tune - meaning that the alert is incorrect and needs to be tuned.
Info - will stop the alerts from being triggered in the application.
Customization - meaning that we need to exclude some values to lower the count of these alerts.
Add a comment so we understand why you have changed the stage.
Click Save.
Related Exclusions
Related Exclusions
From here you can see all the exclusions made in a specific alert.
to access this list follow the next steps:
Get in to the alert
Click on the alert name again.
Under “Rule Information” scroll down until you see “Related Exclusions”
If an exclusion been made in this alert you will see a list of them and a button “View”
From here you can check the exclusions that have been made and by who.
Rule description
Rule description
You can find a rule description by following the steps:
Get in to the alert
Click on the alert name again.
Under “Rule Information” scroll down to the bottom until you see “Rule Information”.
Click on the rule name and you will see a description of this alert.
Thank you for using our application, we are working hard to make it easy to use.
If you have any questions, concerns or feedbacks we will be more than happy to answer them, just let us know in the following email:
mobulasupport@cyray.io
Page updated
Report abuse