The Events page is a crucial hub within the Netography portal, offering an organized and insightful view of key activities and trends. This page is divided into two main sections, each crafted to give you a unique perspective on your network events.

Asset Summary

The Asset Summary tab provides insights into assets within your infrastructure that have been prioritized based on a risk score. This view assists in prioritizing the highest-risk assets in your infrastructure for further investigation.

Items displayed on the Asset Summary chart are assigned scores ranging from 0 to 100 for both the Threat and Confidence metrics:

  • Threat Score: Measures the potential impact if the event occurs, indicating the extent of damage it could cause to your assets.
  • Confidence Score: Represents the system’s confidence in the event’s legitimacy, aiding in the identification of false positives.

In the table displayed, the Total Score is calculated based on the cumulative number of events, their associated threat (or risk), confidence in those events, and the severity of events affecting the asset.

Assets with a significant number of events, particularly those with high threat and confidence scores, are given priority and will appear at the top of the list, highlighting the need for review and remediation.

Some key points to note:

  • Custom detection models without assigned scores and external IP information are not included in the total score calculation.
  • Only internal IPs, as determined by your network classification settings, are considered. External IPs are excluded from this view.
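
The sketch below is an added example, not Netography's code. It shows how the two exclusion rules above change which assets are ranked and which events count toward a total. Netography's actual formula is not given on this page, so the weighting, the severity weights, the internal ranges, and the event field names are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: stands in for the portal's network classification settings.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
# Assumption: illustrative severity weights, not Netography's values.
SEVERITY_WEIGHT = {"low": 0.25, "medium": 0.5, "high": 1.0}

# Constructed sample events; field names are hypothetical.
EVENTS = [
    {"ip": "10.1.2.3", "model": "portscan", "threat": 80, "confidence": 90, "severity": "high"},
    {"ip": "10.1.2.3", "model": "portscan", "threat": 80, "confidence": 90, "severity": "high"},
    {"ip": "10.9.9.9", "model": "dns_tunnel", "threat": 60, "confidence": 40, "severity": "medium"},
    {"ip": "10.9.9.9", "model": "custom_a", "threat": None, "confidence": None, "severity": "high"},
    {"ip": "203.0.113.7", "model": "portscan", "threat": 95, "confidence": 95, "severity": "high"},
]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def event_score(ev):
    """Contribution of one event, or None when its model has no assigned scores."""
    threat, confidence = ev["threat"], ev["confidence"]
    if threat is None or confidence is None:
        return None
    if not (0 <= threat <= 100 and 0 <= confidence <= 100):
        raise ValueError(f"score out of range 0-100: {ev}")
    # Assumed weighting: threat scaled by confidence, then by severity.
    return threat * confidence / 100 * SEVERITY_WEIGHT[ev["severity"]]

def rank_assets(events):
    """Return (ip, total, scored_events, unscored_events), highest total first."""
    rows = defaultdict(lambda: [0.0, 0, 0])
    for ev in events:
        if not is_internal(ev["ip"]):
            continue  # external IPs are excluded from the view entirely
        score = event_score(ev)
        if score is None:
            rows[ev["ip"]][2] += 1  # asset stays visible, event adds nothing
        else:
            rows[ev["ip"]][0] += score
            rows[ev["ip"]][1] += 1
    return sorted(((ip, t, n, u) for ip, (t, n, u) in rows.items()),
                  key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for row in rank_assets(EVENTS):
        print(row)
```

In this constructed data the external address never appears in the ranking despite having the highest scores, and the unscored custom model leaves its asset's total unchanged, which is why a low Total Score is not evidence that an asset is quiet.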

Detection Summary

The Detection Summary tab is designed to provide users with a granular insight into event detections over time. Within this section, you'll find a line graph titled Event Count by minute, illustrating the frequency of detected events as they unfold. Accompanying the graph is a detailed table which breaks down each event by its detection model name (tdm.name), the associated categories, the total count of detections, and the severity of the event. This tab is crafted to offer a holistic view, facilitating users in swiftly identifying patterns and potential areas of concern.

Event List

Shifting the focus slightly, the Event List tab presents a more granular view of individual events. Here, you'll find:

  • A Detailed Table: This curated list offers a window into each event's summary, category, start time, duration, type, and severity. It's a comprehensive guide to understanding the what, when, and how of significant activities in your environment.

The Events page is designed to offer a tailored view of your network's activities, from the broad strokes to the intricate details. By navigating between the Event Summary and Event List tabs, you gain a well-rounded perspective that empowers you to understand and respond to the ongoing dynamics within your network.