Is there a best practice in performing this kind of scenario? Because it looks like there's no other way. I have no problem in Deep Dive since you can break down the entities into Lanes for visual representation since the aggregated Lane with 4 entities is kind of crowded to see already, what more if you have 10-20 entities.

Since KPIs can only be rolled-out on Glass Table as whole, I opted to use an "Ad Hoc" search (the "at search time" KPI with no backfill) similar to the KPI and copied the threshold of KPI to show the 4 CPUs on the Glass Table.

Glass Table: Infra Diagram - 4 webservers must show the 4 CPU Util and 4 Memory Util. KPIs under the Service: CPU Util, and Memory Util.

14:02:05,Virus found,Source: Scheduled Scan,Risk name: ,Occurrences: 1,/Users/71071190/Downloads/archive_manager.dmg,'',Actual action: Deleted,Requested action: Deleted,Secondary action: Deleted,Event time: 22:38:17,Inserted: 20:02:05,End: 22:38:17,Last update time: 20:02:05,Domain: North America,Group: My Company\North America\Workstations\Macs,User: 12345678,Source computer: ,Source IP: ,Disposition: Good,Download site: null,Web domain: null,Downloaded by: null,Prevalence: Reputation was not used in this detection.,Confidence: Reputation was not used in this detection.,URL Tracking Status: Off,First Seen: Reputation was not used in this detection.,Sensitivity: Low,MDS,Application hash: ,Hash type: SHA1,Company name: ,Application name: ,Application version: ,Application type: -1,File size (bytes): 0,Category set: Security risk,Category type: UNKNOWN

Entities: webserver1, webserver2, webserver3, webserver4

Need help in removing double quotes from extracted field value.

EVAL-user = nullif(replace(user, "+:\s*(.*|\w+\,\s\w+\s\",Source computer: ,Source IP: ,Disposition: Good,Download site: null,Web domain: null,Downloaded by: null,Prevalence: Reputation was not used in this detection.,Confidence: Reputation was not used in this detection.,URL Tracking Status: Off,First Seen: Reputation was not used in this detection.,Sensitivity: Low,MDS,Application hash: ,Hash type: SHA1,Company name: ,Application name: ,Application version: ,Application type: -1,File size (bytes): 0,Category set: Security risk,Category type: UNKNOWN