Documentation for Security Event Manager

Navigate the SEM Console

The SEM Console includes a toolbar that provides additional views with details about your deployment.

These views include:

Dashboard

After you log in to the SEM Console, the SEM Dashboard (formerly SEM Ops Center) displays by default.

The dashboard allows you to visualize the network and log data in your corporate environment. Access the dashboard to highlight and summarize trends and suspicious activity through a series of interactive widgets. You can create, edit, and arrange widgets to display log data in a variety of tables and graphs based on filters within your Events viewer.

See SEM Dashboard in the SEM Administrator Guide for more information.

Live and Historical Events

Within the console view, you can switch between real-time event streaming and historical log views based on user-defined date and time parameters. In addition to live and historical keyword search options, all established SEM Monitor filters are accessible on the SEM Console Filters pane.

Live Events

The Live Events view provides instant access to live event monitoring for in-depth analysis and troubleshooting.

The Events table displays the events that exist for your selected filter. The title bar displays the name of the filter currently selected in the Filters pane. Events that match the selected filter are displayed as they occur if the Live Mode switch above the table is on. When set to off, the feed is frozen and the number of undisplayed event messages is displayed alongside the filter name.

The Filters pane displays the filters that can be applied to the event messages. To apply a filter, click to expand a filter group, and then click the filter. The Events table title changes to the name of the filter, and the table is refreshed to display the incoming events that match the filter conditions.

See Live Events view in the SEM Administrator Guide for more information.

Historical Events

The Historical Events view displays any event data that has passed through a particular SEM Manager instance.

You can use the historical data search to conduct custom searches, investigate your search results and event data, and then act on your findings. Additionally, you can switch between real-time event streaming and historical log views based on user-defined date and time parameters.

See Analyze Historical data in the SEM Administrator Guide for more information.

Rules

Rules monitor event traffic and automatically respond to security events in real time, whether you are monitoring the console or not.

When an event (or a series of events) meets a rule condition, the rule prompts the SEM manager to act. A response action can be discreet (for example, sending a notification to select users by email), or active (for example, blocking an IP address or stopping a process).

See Create rules that respond to security events in the SEM Administrator Guide for more information.

Nodes

Through the HTML5-based node management feature, you can add agent nodes, configure connectors and connector profiles, and then monitor activity on the SEM Console.

After you configure the node and connector, click the Events tab to view your network activity. You can then create and apply filters to tailor your log feed to the event logs that are vital to maintaining the health of your network environment.

See Manage the monitored nodes in the SEM Administrator Guide for more information.

Configuration


User-defined groups and email templates

From the Groups tab, create user-defined groups to organize related elements for use with rules and filters.

Groups can contain elements such as events, IP addresses, computer names, and user accounts. After a group is defined, it can be referenced from multiple rules and filters.

See Create user defined groups in the SEM Administrator Guide for more information.

You can use email templates to customize your email notifications when triggered as responses in your custom rules.

An email template includes static and dynamic text (or parameters). The static text lets you customize the message body of the email. The dynamic text is filled in from the original event that caused the rule to fire.

See Create email templates for use with SEM rules in the SEM Administrator Guide for more information.