Documentation for Security Event Manager

Open nDepth search in SEM

To conduct custom searches on the SEM Console, choose Explore > nDepth. Log in as an administrator or auditor to use nDepth.

By default, the nDepth search period covers the last 10 minutes. Specifically, the search period ends at the time you open nDepth and begins 10 minutes before that.

The following list describes the numbered items in the nDepth view.

  1. History: Displays links to your recent nDepth search results.
  2. Saved Searches: Displays links to your saved nDepth search results.
  3. List pane: Displays categorized lists of events, event groups, event variables, and additional options you can use to create conditions for your filters.
  4. Search bar: Searches all event data or the original log messages that pass through a SEM Manager. Drag the toggle switch to select Drag & Drop or Text Search mode.
  5. Respond: Displays a list of corrective actions you can execute when an event occurs, such as shutting down a workstation or blocking an IP address.
  6. Explore: Displays several utilities you can use to research an event, including Whois, Traceroute, and NSlookup.
  7. Time: Provides a drop-down menu to select the time range for your search.
  8. Play: Executes the selected search.
  9. Histogram: Displays the number of events or log messages reported within the selected search time range.
  10. Dashboard: Displays the search results in all available widgets. You can change this view by clicking a widget in the nDepth toolbar. An icon in this area indicates whether you are exploring event data or log messages.
  11. nDepth toolbar: Organizes log data into categories to identify activity in your network. Click a selection to display the category below the histogram.

Open nDepth from another data source

You can open nDepth from an existing data source, such as an event field or another explorer (NSLookup, Whois, Traceroute, or Flow), to search for similar events and data.

  1. Select the data you want to explore using one of the following methods:
    • In the Monitor view event grid, select the event row or field you want to explore.
    • In the Event Details pane, event map, or event grid, click the item or field you want to explore.
  2. From the Explore drop-down list on the Events grid, select nDepth.

    The nDepth screen appears, and the nDepth search box contains the event or event field you are exploring.

    When you initiate an nDepth search from Monitor view, nDepth automatically searches all hosts and sources for every instance of the selected event field that has occurred within a ten-minute period around the event that you are exploring. This way, you can identify similar events that occurred before and after the event you are exploring.