Run Contextualize
Contextualization provides information about a host, port, or user in a log or event. It is an option in the context menu of aggregate log or event lists. You access Contextualization from aggregate logs or aggregate events list which you can create in Personal Dashboard, Investigator, or Tail.
- After you create an aggregate list of logs or events, select a row in the list.
- Right-click the row, and then click Contextualize.
- Select an option from the following:
Host (Origin) Information or Host (Impacted) Information. Opens the Host Information window with Basic, Ping, Trace Route, and Whois tabs.
Port (Origin) Information or Port (Impacted) Information. Opens the Port Information window.
Host (Origin) Identity Inference or Host (Impacted) Identity Inference. Opens the Host Identity Inference window appears. The Host Identity Inference feature maintains a mapping of users to hosts based on log activity observed. If the log message doesn't contain user identifying information, the identity of the host is logically inferred and presented to the users and analytic engines.
For Identity Inference to work, Identity Inference must be configured through one of the following methods:In the Platform Manager in the Global System Settings. Identity Inference can be enabled globally or on a per Data Processor basis.
In the Data Processor Modify Data Processor Advanced Properties. Identity Inference can be set for individual Data Processors when it has been globally disabled.
The Log Message Info includes:
Host Name
Host IP Address
Log Date
The Identifier information includes:
Identifier
Identifier Type. User or Address.
Confidence. Represents the highest confidence observed for each identifier within the queried time.
Log Date Offset. Hours and minutes when the specific identifier was last observed with respect to the queried message Normal time.
Last Observed
Last Observed Utc
Select the Identifier(s) you want.
Right-click and select a Launch Investigator option:
The investigation is launched in the background.
Investigate Identify Inference Users in Login
Investigate Identify Inference Users in Account
Investigate Identify Inference Users in Login or Account
Investigate Identify Inference Address in Sender
Investigate Identify Inference Address in Recipient
Investigate Identify Inference Address in Sender or Recipient
User Information. Opens the User Information window.
- The Contextualization window opens and displays results according to the parameters you selected.