Events
The Events page is a crucial hub within the Fusion Portal, offering an organized and insightful view of key activities and trends.
To get started understanding Events in Fusion, see: Quickstart: Events.
There are 3 ways to view Events in the Fusion portal:
Events by Asset
The Events by Asset page provides insights into assets within your infrastructure prioritized based on a risk score. This view assists in prioritizing the highest-risk assets for further investigation.
The information displayed on the Asset Summary chart is assigned scores ranging from 0 to 100 for both Threat and Confidence metrics:
- Threat Score: Measures the potential impact if the event occurs, indicating the extent of damage it could cause to your assets.
- Confidence Score: Represents the system’s confidence in the event’s legitimacy, aiding in identifying false positives.
In the table displayed, the Total Score is calculated based on the cumulative number of events, their associated threat (or risk), confidence in those events, and the severity of events affecting the asset.
Assets with a significant number of events, particularly those with high threat and confidence scores, are given priority and will appear at the top of the list, highlighting the need for review and remediation.
Some key points to note:
- Custom detection models without assigned scores and external IP information are not included in the total score calculation.
- Only internal IPs, as determined by your network classification settings, are considered. External IPs are excluded from this view.
Events by Detection
The Events by Detection page is designed to provide users with a granular insight into event detections over time. Within this section, you'll find a line graph titled Event Count by minute, illustrating the frequency of detected events as they unfold. Accompanying the graph is a detailed table that breaks down each event by its detection model name (tdm.name
), the associated categories, the total count of detections, and the event's severity. This page is crafted to offer a holistic view, facilitating users in swiftly identifying patterns and potential areas of concern.
Event List
Shifting the focus slightly, the Event List page presents a more granular view of individual events. Here, you'll find:
- A Detailed Table: This curated list offers a window into each event's summary, category, start time, duration, type, and severity. It's a comprehensive guide to understanding the what, when, and how of significant activities in your environment.
Updated about 2 months ago