Navigate the SEM Console
The SEM Console includes a toolbar that provides additional views with details about your deployment.
These views include:
Dashboard
After you log in to the SEM Console, the SEM Dashboard (formerly SEM Ops Center) displays by default. Click Dashboard in the toolbar to access this view.
The dashboard allows you to visualize the network and log data in your corporate environment. Access the dashboard to highlight and summarize trends and suspicious activity through a series of interactive widgets. You can create, edit, and arrange widgets to display log data in a variety of tables and graphs based on filters within your Events viewer.
See SEM Dashboard in the SEM Administrator Guide for more information.
Live Events
The Live Events view provides instant access to live event monitoring for in-depth analysis and troubleshooting. Click Live Events in the toolbar to access this view.
The Events table displays the events that exist for your selected filter. The title bar displays the name of the filter currently selected in the Filters pane. Events that match the selected filter are displayed as they occur if the Live Mode switch above the table is on. When set to off, the feed is frozen and the number of undisplayed event messages is displayed alongside the filter name.
The Filters pane displays the filters that can be applied to the event messages. To apply a filter, click to expand a filter group, and then click the filter. The events table title changes to the name of the filter, and the table is refreshed to display the incoming events matching the filter conditions.
See Live Events view in the SEM Administrator Guide for more information.
Historical Events & Reports
The Historical Events view displays any event data that passed through a particular SEM Manager instance. Click Historical Events & Reports to access this view.
You can use the historical data search to conduct custom searches, investigate your search results and event data, and then act on your findings. Additionally, you can switch between real-time event streaming and historical log views based on user-defined date and time parameters.
Click the Options drop-down menu to:
- Save and name a new query
- Generate a report in CSV or PDF format
- Save, name, and schedule a new query
See Analyze Historical data in the SEM Administrator Guide for more information.
Rules
Rules monitor event traffic and automatically respond to security events in real time, whether you are monitoring the console or not. Click Rules in the toolbar to access this view.
When an event (or a series of events) meets a rule condition, the rule prompts the SEM Manager to act. A response action can be discreet (for example, sending a notification to select users by email), or active (for example, blocking an IP address or stopping a process).
See Create rules that respond to security events in the SEM Administrator Guide for more information.
Nodes
Through the HTML5-based node management feature, you can add agent nodes, configure connectors and connector profiles, and then monitor activity on the SEM Console. Click Configure > Nodes in the toolbar to access this view.
After you configure the node and connector, click the Events tab to view your network activity. When you are finished, you can create and apply filters to tailor your log feed to view event logs vital to maintaining the health of your network environment.
See Manage the monitored nodes in the SEM Administrator Guide for more information.
Configuration
User-defined groups and email templates
From the Groups tab, create user-defined groups to organize related elements for use with rules and filters. Click Configure > User defined groups in the toolbar to access this view.
Groups can contain elements such as events, IP addresses, computer names, and user accounts. After a group is defined, it can be referenced from multiple rules and filters.
See Create user defined groups in the SEM Administrator Guide for more information.
You can use email templates to customize your email notifications when triggered as responses in your custom rules. Click Configure > Email templates in the toolbar to access this view.
An email template includes static and dynamic text (or parameters). The static text lets you customize the message body of the email. The dynamic text is filled in from the original event that caused the rule to fire.
See Create email templates for use with SEM rules in the SEM Administrator Guide for more information.