Documentation for Security Event Manager

SEM Console

The SEM Console includes a toolbar that provides additional views with details about your deployment.

These views include:

Dashboard

Access the SEM Dashboard to highlight and summarize trends and suspicious activity through a series of interactive widgets. You can create, edit, and arrange widgets to display log data in a variety of tables and graphs based on filters within your Events viewer. Upon initial login, the SEM Dashboard appears by default.

See SEM Dashboard for more information.

Live Events

Live Events display all live event data that is passing through a particular SEM Manager instance. Use this view to monitor real-time events as they occur in your deployment.

Within the console view, you can switch between live and historical event views based on user-defined date and time parameters. All established SEM Monitor filters are accessible on the SEM Console Filters pane.

See Live Events view for more information.

Historical Events

Historical Events provide historical record archives for in-depth analysis and troubleshooting. You can use the historical data search to conduct custom searches, investigate your search results and event data, and then act on your findings. You can create and save a search query, as well as generate reports for each query.

Within the console view, you can switch between historical and live event views based on user-defined date and time parameters. All established SEM Monitor filters are accessible on the SEM Console Filters pane.

See Analyze Historical data for more information.

Rules

Rules monitor event traffic and automatically respond to security events in real time, whether you are monitoring the console or not. When an event (or a series of events) meets a rule condition, the rule prompts the SEM Manager to act. A response action can be discreet (for example, sending a notification to select users by email), or active (for example, blocking an IP address or stopping a process).

See Create rules that respond to security events for more information.

Configure

Configure provides a list of options you can use to configure the SEM Console.

Using the Configure menu selections, you can add agent nodes, configure connectors and connector profiles, and then monitor activity on the SEM Console. After you configure the nodes and connectors, click the Events tab to view your network activity. Here, you can create and apply filters to tailor your log feed to view event logs vital to maintaining the health of your network environment.

See Create rules that respond to security events for more information.

The following table lists the options (in alphabetical order) that are available in the Configure menu.

| Option | Description |
| --- | --- |
| Connector profiles | Displays a list of all connector profiles. You can refine the list by modification type and create a new connector profile. |
| Directory service groups | Displays a list of all directory service groups. You can import a directory service group, synchronize all groups, and refine the list by creator, last synchronized time, connection, and LDAP status. |
| Email templates | Displays a list of email templates used for notifications when triggered as a response in a custom rule. You can create a new email template and refine the list by last user modification and last modification time. You can use email templates to customize your email notifications when triggered as responses in your custom rules. An email template includes static and dynamic text (or parameters). The static text lets you customize the message body of the email. The dynamic text is pulled from the original event that caused the rule to fire. |
| Event groups | Displays a list of all event groups used in SEM. Event groups allow you to group similar events together into a single category to initiate a specific event filter, rule, or condition. You can create and import event groups, and export the existing or refined list to a JSON file. |
| Manager connectors | Displays a list of all configured connectors. You can refine the list by status, type, or category. |
| Nodes | Displays a list of all agent nodes. You can refine the nodes list by category, add an agent node, and export a list of nodes to a CSV file. |
| Tags management | Displays a list of all tags used in SEM. You can add a new tag and refine the list by tag category and application. |
| Time of day groups | Displays groups of hours that you associate with rules and filters to execute different actions at different times of the day. |
| Users | Displays a list of all users configured in SEM. You can add a new user and refine the user list by type, activity, role, and the last login. |
| User defined groups | Displays a list of all groups created by authorized SEM users. You can create a new group and refine the list by last modification user and modification time. You can create user-defined groups to organize related elements for use with rules and filters. Groups can contain elements such as events, IP addresses, computer names, and user accounts. After you define a group, it can be referenced from multiple rules and filters. |