Entities can be filtered by category, functions, source, state, tags, and type to obtain more accurate results. Whether or not filters are applied, you can search for entities by class, type, name, or state using the search box. Once you have narrowed down the entities using the appropriate filters, you can enrich them by assigning tags, criticality, and functions.
Defining the search criteria for filtering entities in the entity inventory
Use this procedure to filter entities from the entity inventory.
To apply filters to the entity inventory:
1. Navigate to Resolutions --> Overview, under Entities. The Entities Overview page appears.
2. Click on a specific class in a category from the entities list. This displays the list of entities that belong to this class under this category.
3. Select the Start Time and End Time to filter entities by the selected duration. Otherwise, all entities are displayed by default. You have options to filter entities from the last 30 minutes to the past year.
4. Click the filters icon to filter entities further by Category, Type, Source, Functions, Tags, and State. The entities that match the search criteria are displayed. The filter icon shows the total number of filters applied. To reset the applied filters, use the Clear All option. To remove a specific applied filter, click the cross icon next to it.
5. Click Apply.
6. Review this information in the entity inventory table:
Field name | Field description |
---|---|
Name | The name of the entity. |
Display Name | The display name of the entity. You can view the public IP address of an entity in this field only when the IP address check box is selected while creating an enrichment policy. |
ID | The ID assigned to the entity. |
State | The entity state. Only active signals are visible. |
Location | The location from where the entity has been synced. |
Source | The source from where the entities have been onboarded. Values: |
Category | The category to which the entity belongs. |
Class | The class associated with the entity. |
Type | The type of entity. |
Tags | The tags assigned to the entity. |
Function | The function associated with the entity. To create a function, refer to Configuring a Function. |
7. Click Manage columns to select or deselect the columns you want to view in the table. You can also change the order of the columns by using the reordering button to drag and drop them to the position you want.
8. Click the Export icon and select CSV or JSON to export the list of entities into a CSV file or a JSON file respectively. You will receive the file via email.
If you want more relevant search results, you can write complex search queries using free-form query text and operators. For more information on how to construct advanced queries, refer to Constructing advanced search queries.
You can perform the following actions on the Entity inventory page:
- Adding tags to a group of entities
- Assigning Functions to entities
- Assigning criticality
- Syncing entity data
Adding tags to a group of entities
Use this procedure to add tags to a group of entities in one go for enriching signals. A tag is a key: value pair. Assigning tags helps you organize data.
To add tags to a list of entities:
1. Navigate to Resolutions --> Overview, under Entities. The Entities Overview page appears.
2. Click on a specific class in a category from the entities list. This displays the list of entities returned for this class and associated with this category.
3. Select the check boxes corresponding to the entities to which you want to add tags. This enables the tag icon.
4. Click the tag icon. This opens the Add tags window.
5. Enter the tag key and value to identify and organize selected entities.
6. Click Save tags to assign tags to the selected entities.
You can add multiple tags to the entity using the plus icon. If there are more than 7 tags, a More option appears. Click this option to search for a specific tag in the View tags window.
Assigning Functions to entities
Use this procedure to assign functions to entities. This notifies the respective personnel who are configured in the escalation policy when an ActOn is triggered from this entity.
To add services to entities:
1. Navigate to Resolutions --> Overview, under Entities. The Entities Overview page appears.
2. Click on a specific class in a category from the entities list. This displays the list of entities returned for this class associated with this category.
3. Select the check boxes corresponding to the entities to which you want to assign functions or services. This enables the assign functions icon.
4. Click the Assign Function icon. The Assign Functions window opens.
5. Select the Functions from the list. To define functions, see Configuring a Function.
You can assign multiple functions to the entities.
6. Select the primary function for the entities. There can only be one default function to route the signals that do not belong to any entity.
7. Click Save to assign functions to entities.
Assigning criticality
Use this procedure to mark, from among thousands of entity records, the entities that are critical to the business infrastructure. An entity is considered critical if its compromise causes severe loss to the business or interruption to business operations.
To assign criticality to entities:
1. Navigate to Resolutions --> Overview, under Entities. The Entities Overview page appears.
2. Click on a specific class in a category from the entities list. This displays the list of entities returned for the class associated with this category.
3. Select the check boxes corresponding to the entities to which you want to assign criticality. This enables the criticality icon.
4. Click the Critical icon.
A pop-up appears, prompting you to set the entities to critical or not.
5. Click Yes to set the entities as critical.
Now you can view the entity with the criticality indication.
Syncing entity data
Use this procedure to sync the metadata of existing entities to the Resolution Intelligence Cloud.
To sync entity data:
1. Navigate to Resolutions --> Overview, under Entities. The Entities Overview page appears.
2. Click on a specific class in a category. This displays the list of entities within the selected class.
3. Select a specific entity or a group of entities whose changes you want to sync.
Note: You can sync the data of only 10 entities simultaneously.
4. Click the Sync entities icon to sync the updated entity data into the Resolution Intelligence Cloud platform.
You can also sync the updated metadata of a specific entity from the entity page, using the Sync Now option. Sync Now is enabled only for AWS, Azure, OpsRamp, and GitHub entities.