Workflow Selection
The system provides predefined workflows for the types of data listed in the following table.
|
Feature |
Menu Path |
Option |
|---|---|---|
|
Intrusion events |
Analysis > Intrusions |
Events Reviewed Events |
|
Malware events |
Analysis > Files |
Malware Events |
|
File events |
Analysis > Files |
File Events |
|
Captured files |
Analysis > Files |
Captured Files |
|
Connection events |
Analysis > Connections |
Events |
|
Security Intelligence events |
Analysis > Connections |
Security Intelligence Events |
|
Host events |
Analysis > Hosts |
Network Map Hosts Indications of Compromise Applications Application Details Servers Host Attributes Discovery Events |
|
User events |
Analysis > Users |
Active Sessions User Activity Users Indications of Compromise |
|
Vulnerability events |
Analysis > Vulnerabilities Analysis > Hosts |
Vulnerabilities Third-Party Vulnerabilities |
|
Correlation events |
Analysis > Correlation |
Correlation Events Allow List Events Allow List Violations Status |
|
Audit events |
System > Monitoring |
Audit |
|
Health events |
System > Health > Events |
n/a |
|
Rule Update Import Log |
System > Updates |
n/a |
|
Scan Results |
Policies > Actions > Scanners |
n/a |
When you view any of the kinds of data described in the above table, events appear on the first page of the default workflow for that data. You can specify a different default workflow by configuring your event view settings. Note that workflow access depends on your user role.
In a multidomain deployment, you can view data for the current domain and for any descendant domains. You cannot view data from higher level or sibling domains.