All Raw Events Tab

The All Raw Events tab displays every single event ingested by the Threat Stack CSP within the specified date range. On the All Raw Events tab, you can filter and work with events.

Note

The Threat Stack CSP retains events for three days. Events that trigger an alert are retained for 365 calendar days.

Search for Events

For more information, see Search for Events.

Event Details

Each event ingested by the Threat Stack CSP includes metadata related to the action the event records. The event details displayed depend on the source of the event.

  1. Date and Time and Source Icon – The date and time at which the event entered the Threat Stack CSP. The icon indicates the source of the event (Threat Stack Agent, CloudTrail, Kubernetes, or Windows).
  2. Colored dot – Indicates the source of an event. This is a quick way to visually distinguish events of particular importance to your workflow.
  3. Metadata – The data collected by the Threat Stack CSP about the event. The source of the event determines the data collected.

You can perform the following actions from an event:

  • Create a rule based on the event
  • View the JSON file for the event
  • Add events to the My Event Queue tab
  • Add event metadata to your search query

Create a Rule from an Event

  1. Log in to the Threat Stack CSP.
  2. Click the Events tab. The Events screen displays.
  3. Hover the mouse cursor over the event from which to create a rule. The action bar displays.

  4. Click the Create Rule button. The Add New [type of rule] Rule dialog opens.

  5. Follow the instructions in the Rule Creation Overview article for the type of rule to create the new rule.

View an Event's JSON

  1. Log in to the Threat Stack CSP.
  2. Click the Events tab. The Events screen displays.
  3. Hover the mouse cursor over the event for which to view the JSON. The action bar displays.

  4. Click the View JSON button. The Event JSON dialog opens.

Add Event to My Event Queue Tab

Click the Add to My Queue button to add an event to the My Event Queue tab. For more information, see My Event Queue.

  1. Log in to the Threat Stack CSP.
  2. Click the Events tab. The Events screen displays.
  3. Hover the mouse cursor over the event to add to the My Event Queue tab. The action bar displays.

  4. Click the Add to My Queue button. A message displays in the lower right corner of the screen confirming that the event has been added to the My Event Queue tab. From this point on, you can search for the event only in the My Event Queue tab.
