Event Analysis Report

by Josef Weiss
July 15, 2014


This report provides an overview of collected events and gives the analyst several ways to quickly locate actionable context in the data. Indicators automatically alert on abnormal activity, such as an increase in event types or connections, or a change in client behavior, from any device whose logs are aggregated by Tenable's Log Correlation Engine (LCE). This matters because near-instant visibility helps pinpoint threats rapidly. The report is the counterpart of the Event Analysis Dashboard, found here:

Event Analysis Dashboard

In this report, event data is presented to the analyst in the following formats:

  • Pie Chart - The numerical proportion of the top 10 event types present.
  • Line Chart - The total count of normalized versus unnormalized events over the last 24 hours.
  • Table - IP summary of the top event generators and the total count of events each generated within the last 24 hours.
  • Trend Data - The event volume for each of the top 10 event types present within the last 24 hours.
  • Table - Normalized Event Summary, listing every event by name and count, with a graph of activity over the last 7 days.

The Event Overview chapter contains several components that provide a visual summary of events for rapid identification of hosts and event types.

The Normalized Event chapter contains a full overview of normalized events: each event name, how many times that event occurred, and a graph of when it occurred. The data covers the last 7-day collection period.
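The summaries listed above (top event types, normalized versus unnormalized counts per hour, top event generators by IP) and the per-name 7-day series of the Normalized Event chapter can all be computed from raw event records. The Python below is an added example written for this page, not code from Tenable, LCE or the report itself. The Event field layout, the constructed sample records, the event names and types, the "(unnormalized)" label and the simple ratio-based spike check are all assumptions made for the example; LCE's own indicator logic is not shown here.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    """One collected log event. This layout is an assumption for the example,
    not the LCE record format. An empty name marks an unnormalized event,
    i.e. one that no normalization rule matched."""
    ts: datetime
    src_ip: str
    etype: str  # event type, e.g. "login-failure"; empty when unnormalized
    name: str   # normalized event name; empty when unnormalized

    @property
    def normalized(self) -> bool:
        return bool(self.name)


def _window(events, now, span):
    """Events whose timestamp lies in (now - span, now]."""
    return [e for e in events if now - span < e.ts <= now]


def top_event_types(events, now, hours=24, n=10):
    """Pie-chart input: the n most frequent event types in the window and each
    one's share of all events in it, as (type, count, share). Unnormalized
    events are grouped under a label invented for this example."""
    window = _window(events, now, timedelta(hours=hours))
    counts = Counter(e.etype if e.normalized else "(unnormalized)" for e in window)
    total = len(window)
    return [(t, c, c / total) for t, c in counts.most_common(n)]


def normalization_trend(events, now, hours=24):
    """Line-chart input: per-hour counts of normalized and unnormalized events
    over the last `hours` hours, oldest bucket first."""
    norm, unnorm = [0] * hours, [0] * hours
    for e in _window(events, now, timedelta(hours=hours)):
        age_hours = int((now - e.ts).total_seconds() // 3600)  # 0 .. hours-1
        (norm if e.normalized else unnorm)[hours - 1 - age_hours] += 1
    return norm, unnorm


def top_generators(events, now, hours=24, n=10):
    """IP summary: source addresses producing the most events, as (ip, count)."""
    window = _window(events, now, timedelta(hours=hours))
    return Counter(e.src_ip for e in window).most_common(n)


def event_name_history(events, now, days=7):
    """Normalized Event Summary input: per event name, its total count and its
    per-day counts over the last `days` days (oldest first), for a sparkline."""
    history = defaultdict(lambda: [0] * days)
    for e in _window(events, now, timedelta(days=days)):
        if e.normalized:
            history[e.name][days - 1 - (now - e.ts).days] += 1
    return {name: (sum(daily), daily) for name, daily in sorted(history.items())}


def spike_names(history, factor=3.0, min_count=5):
    """Flag names whose latest-day count is at least min_count and more than
    factor times the mean of the earlier days. A plain ratio check written for
    the example, not LCE's indicator logic."""
    flagged = []
    for name, (_, daily) in history.items():
        earlier, latest = daily[:-1], daily[-1]
        baseline = sum(earlier) / len(earlier) if earlier else 0.0
        if latest >= min_count and latest > factor * baseline:
            flagged.append(name)
    return flagged


# Constructed sample data (not real LCE output); names and types are illustrative.
NOW = datetime(2014, 7, 15, 12, 0, 0)


def _ago(**delta):
    return NOW - timedelta(**delta)


SAMPLE_EVENTS = [
    # burst of failed SSH logins from one host within the last hour
    *(Event(_ago(minutes=m), "10.0.0.5", "login-failure", "SSH-Failed_Password")
      for m in range(1, 21)),
    Event(_ago(minutes=30), "10.0.0.5", "login", "SSH-Login_Success"),
    Event(_ago(hours=2), "10.0.0.7", "login", "SSH-Login_Success"),
    Event(_ago(hours=5), "10.0.0.7", "dns", "DNS-Query"),
    Event(_ago(hours=23, minutes=30), "10.0.0.9", "firewall", "Firewall-Drop"),
    Event(_ago(hours=3), "10.0.0.9", "", ""),   # unnormalized, inside 24h
    Event(_ago(hours=26), "10.0.0.9", "", ""),  # unnormalized, outside 24h
    # one successful login per day for the previous six days (baseline)
    *(Event(_ago(days=d, hours=1), "10.0.0.7", "login", "SSH-Login_Success")
      for d in range(1, 7)),
    Event(_ago(days=2), "10.0.0.5", "login-failure", "SSH-Failed_Password"),
    Event(_ago(days=8), "10.0.0.5", "login-failure", "SSH-Failed_Password"),  # outside 7d
]


if __name__ == "__main__":
    print("top event types:", top_event_types(SAMPLE_EVENTS, NOW))
    print("per hour (normalized, unnormalized):", normalization_trend(SAMPLE_EVENTS, NOW))
    print("top generators:", top_generators(SAMPLE_EVENTS, NOW))
    hist = event_name_history(SAMPLE_EVENTS, NOW)
    print("7-day summary:", hist, "\nspiking:", spike_names(hist))
```

With the sample data the failed-login burst dominates the 24-hour pie (20 of 25 events), lands entirely in the most recent hourly bucket of the line chart, makes 10.0.0.5 the top generator, and is the only name the ratio check flags, which is the kind of picture the report's components are meant to surface together.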

The report is available in the SecurityCenter Feed, an app store of dashboards, reports, and assets. It can be located in the SecurityCenter Feed by selecting the 'Monitoring' category and then the 'Events' tag. The report requirements are:

  • SecurityCenter 4.8.1
  • LCE 4.2.2