Log Explorer

The Log Explorer is the default tool for everything related to log exploration. It provides a powerful user interface for filtering and visualizing data in multiple ways.

Logs Summary

By default, the page displays a tabular summary of the logs. The table view lists all the logs in reverse chronological order (the latest generated log is displayed first).

Go to the Log Explorer tab and click it to display a drop-down list. Select the first option, Log explorer. This page shows the log analyzer, a tabular view of the logs.

The table shows the number of logs that occurred within a specified time interval. The screen shows up to fifteen rows; to see more, move to the next page. The top portion displays the time taken to retrieve the records, the number of records, and the time.

UTMStack provides another type of view: Chart.

The Chart view shows a bar graph displaying the top values of the selected field. You can click on any bar to display only the events that occurred within that time frame. Below the chart, you can specify the duration of the time frame, such as the last hour, last 24 hours, or last week.

You can filter the search by changing the selected field or choosing the time range (from a year down to minutes). It is also possible to switch between bar and line graph styles. Mouse over the bars and lines to view brief information: date and quantity. You can zoom in on the graph or download it as an image.

You can click on any particular log row to view additional details about that log in a popup window with two choices: TABLE or JSON. JavaScript Object Notation (JSON) is a language- and platform-independent format for data interchange. JSON uses less data overall, which reduces cost and increases parsing speed. The JSON structure is straightforward and readable, and it maps easily to domain objects in whatever programming language you are working with.

Search

Enter a query in the search box. A query extracts a report over a defined time frame. In the top section of the screen you can click the ADD icon to run one or more queries simultaneously.

By default, you start with an open blank query. The search query is defined using the following parameters:

Source: EVENT, ALERT, or VULNERABILITY.

Field: filters the search results to display only those containing a particular value in the field.

Operator: specifies a logical expression for the search query used to filter the events.

Time: sets a custom range of time (from year to minutes).

A search bar allows the user to search directly within a specific source.

Queries

Clicking the QUERIES icon displays the Query List. It shows each query's name, comment, and last modification. The ACTION option allows editing a query or deleting it from the list. Queries are listed in chronological order (the latest created query is displayed last). A search bar lets you find a particular query by name.

Filtering

UTMStack offers several filtering criteria for retrieving information about specific events or alarms.

The ADD FILTER tab displays a window where you can choose the Field or the Operator. UTMStack supports a number of different data types for the fields.

The operator section lets you specify a logical expression search query to filter the events. All filters can be quickly enabled or disabled by clicking on the Filter icon.

The CALENDAR icon allows the user to set a custom range of time (from year to minutes) or to apply commonly used ranges such as the last 15 minutes, last hour, last seven days, last ninety days, last year, today, etc.
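The query model from the Search section (Source, Field, Operator, Time) and the filtering described here, as an added Python example over constructed records; this is not UTMStack's own code, and the record field names (`@timestamp`, `host`, `severity`) and operator labels are assumptions. It also reproduces the table view's newest-first ordering and fifteen-row pages and the Chart view's per-interval counts.

```python
from datetime import datetime, timedelta, timezone
import operator as op

# Constructed sample records in the shape the TABLE/JSON popup shows; field names are assumptions.
NOW = datetime(2020, 7, 9, 16, 0, tzinfo=timezone.utc)

def _rec(source, minutes_ago, host, severity):
    return {"source": source, "@timestamp": NOW - timedelta(minutes=minutes_ago),
            "host": host, "severity": severity}

RECORDS = [_rec("EVENT", 5, "web-01", 3), _rec("EVENT", 40, "web-02", 5),
           _rec("EVENT", 90, "web-01", 2), _rec("EVENT", 30 * 60, "db-01", 4),
           _rec("ALERT", 12, "web-02", 5)]

# Operator choices of the ADD FILTER dialog (labels assumed); a missing field never matches.
OPERATORS = {"is": op.eq, "is not": op.ne, ">": op.gt, "<": op.lt,
             "contains": lambda v, x: v is not None and x in str(v)}

def run_query(records, source, field=None, operator="is", value=None,
              last_hours=24, now=NOW, page=1, page_size=15):
    """Apply Source, an optional Field/Operator filter and the Time range.
    Returns (total hits, rows of the requested page), latest log first."""
    start = now - timedelta(hours=last_hours)
    hits = [r for r in records if r["source"] == source and start <= r["@timestamp"] <= now]
    if field is not None:  # a disabled filter is simply not passed in
        hits = [r for r in hits if OPERATORS[operator](r.get(field), value)]
    hits.sort(key=lambda r: r["@timestamp"], reverse=True)  # reverse chronological
    lo = (page - 1) * page_size
    return len(hits), hits[lo:lo + page_size]

def chart_buckets(records, source, last_hours=24, bucket_hours=1, now=NOW, **filt):
    """Count hits per time bucket (0 = most recent), the numbers behind the Chart view's bars."""
    _, hits = run_query(records, source, last_hours=last_hours, now=now,
                        page_size=len(records) or 1, **filt)
    counts = {}
    for r in hits:
        idx = int((now - r["@timestamp"]) / timedelta(hours=bucket_hours))
        counts[idx] = counts.get(idx, 0) + 1
    return counts

if __name__ == "__main__":
    total, rows = run_query(RECORDS, "EVENT", field="severity", operator=">", value=2)
    print(total, [r["host"] for r in rows])
    print(chart_buckets(RECORDS, "EVENT"))
```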

Reporting

UTMStack generates user-customized reports:

Select SAVE to save a query with a name and an optional description.

Select Save as compliance to save the results as a HIPAA or SOC compliance Report.

Select Export to CSV to save a report in CSV format.

SAVING AS COMPLIANCE

To do this, choose an available standard (HIPAA or SOC) by clicking on the standard tab, or add a new standard with a description.

Next, select the standard section from a predefined list: Audit controls, Integrity, Contingency plan, etc. In the last step, you can configure the filters: field and label. Then click the CREATE COMPLIANCE icon to save the report in PDF format.