Signals¶
When the SIEM rule is enabled and successfully detects anomalies, it generates corresponding event records. Signals provide you with a centralized entry point for handling these events, making it easier to perform specific analysis and response operations in practical scenarios.
Data Display¶
The signal Explorer provides various professional analysis views based on lists and charts.
Displays abnormal data collected within the current workspace over the past two days.
In the form of Top Lists, Time Series graphs, pie charts, treemaps, and grouped table charts, it filters data based on the count, last, first, count_distinct calculation modes under the by condition.
Signal Details¶
By clicking on specific data in the Explorer, a corresponding details page will slide out from the side.
You can view the basic attributes, extended fields, Incident Records, related signals, and associated views for this data item.
Incident Records¶
Displays SIEM event data with the same dimension_tags within three days before and after the current event occurrence.
Note
If there are no data records with the same dimension_tags, the system will display event data with the same df_monitor_checker_id.