The Events page is a crucial hub within the Fusion Portal, offering an organized and insightful view of key activities and trends.

To get started understanding Events in Fusion, see: Quickstart: Events.

There are 4 ways to view lists and groups of Events in the Fusion portal. When looking at any individual event in an event table on these pages, you can navigate to the Event Details page for that event by clicking the graph icon button to the left of the event.

Events by Asset

The Events by Asset page provides insights into assets within your infrastructure prioritized based on a risk score. This view assists in prioritizing the highest-risk assets for further investigation.

The information displayed on the Asset Summary chart is assigned scores ranging from 0 to 100 for both Threat and Confidence metrics:

• Threat Score: Measures the potential impact if the event occurs, indicating the extent of damage it could cause to your assets.
• Confidence Score: Represents the system’s confidence in the event’s legitimacy, aiding in identifying false positives.

In the table displayed, the Total Score is calculated based on the cumulative number of events, their associated threat (or risk), confidence in those events, and the severity of events affecting the asset.

Assets with a significant number of events, particularly those with high threat and confidence scores, are given priority and will appear at the top of the list, highlighting the need for review and remediation.

📘

Some key points to note:

• Custom detection models without assigned scores and external IP information are not included in the total score calculation.
• Only internal IPs, as determined by your network classification settings, are considered. External IPs are excluded from this view.

Events by Detection

The Events by Detection page is designed to provide users with a granular insight into event detections over time. Within this section, you'll find a line graph titled Event Count by minute, illustrating the frequency of detected events as they unfold. Accompanying the graph is a detailed table that breaks down each event by its detection model name (tdm.name), the associated categories, the total count of detections, and the event's severity. This page is crafted to offer a holistic view, facilitating users in swiftly identifying patterns and potential areas of concern.

Events by MITRE ATT&CK®

The Events by MITRE ATT&CK® page provides a heat map and table that organizes events into MITRE ATT&CK® Framework tactics and techniques. Each column represents a Tactic, with the Techniques related to that Tactic listed beneath.

See Events by MITRE ATT&CK for more detailed information about how this event page works and how MITRE ATT&CK tactics and techniques are referenced and accessible in Fusion.

Event List

Shifting the focus slightly, the Event List page presents a more granular view of individual events. Here, you'll find:

• A Detailed Table: This curated list offers a window into each event's summary, category, start time, duration, type, and severity. It's a comprehensive guide to understanding the what, when, and how of significant activities in your environment.