To access the Hunt Geo Activity page:
- Log in to LogRhythm NDR's new UI.
- Click Hunt from the sidebar menu and then click Geo Activity.
The Geo Activity page displays the Geo Chart and Geo Table.
Geo Activity is a global map on which the events that have occurred are marked and labeled with their entry UUIDs.
When you hover over an entry UUID marked on the map, a tooltip provides information about that specific event, such as the Date, Entry Type, and Event Trigger.
- To navigate to the specific case event and view more details, click a particular UUID.
- To filter the list of available entries on the Geo Chart, use the Anomaly and Threat Severity sliders.
- To filter further, click the Date Range/Time picker drop-down menu next to the Search field at the top right of the page.
The Geo Table presents data such as Occurred On, Event Info, Activity, and Entry UUID.
- Click the column headers in the table to sort the table entries in ascending or descending order.
- Click the corresponding links provided in the table for further information on the topics.
- To export the activity details, click the Export icon.
- To add or remove column headers, click the Show Columns icon.
- To expand and see more details such as Date, Community ID, and Destination ID, click on the entry.
- Click the Raw Data (JSON) tab to see more details in the JSON format.
- Click a particular User_UUID to activate the filter and show only the entries pertaining to that User_UUID. This can be done in both the chart and the table.
- To enable or disable a User_UUID and remove the filter, click the entry.
- To view the logs related to a particular entry, click the Alert Event drop-down option in the Event Info column for that entry.