Versions Compared

Version Old Version 14 New Version 15
Changes made by

Utkucan Saraç (Unlicensed)

İrem Kara

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

GEODI logs all classification activity. The log format may be a database, CSV, CEF, or syslog. You may use a SIEM or Log Analysis Panel to analyze the logsThe template project for the Classification project and Log Analysis Panel comes ready with the Classification module installation. In projects where classification activities are monitored, classification movements are recorded regularly. These classification logs can be written to a database and monitored and analyzed by any SIEM tool or Log Analysis Panel.

GEODI Log Analysis

...

Panel

With the Log Analysis shows and analyses classification activities using the log records.

The dashboard comes ready in a template project. Please follow the steps for dashboard activation.

...

A template project designed for classification is selected.

...

The project includes a directory/database containing pre-existing resources for classification logs.

...

You will see a DB data source; change DB settings to log DB.

  1. If you don't have an existing database, you can use an SQLite file.

panel, you can monitor your classification activities and perform analysis on a user and class basis.

  1. Any user in ACC.Classifier group will see the dashboard.

  2. Save and Start indexing

...

Example Classification Panel

...

Log format settings and SIEM Applications

You can use GEODI Logs may be in CSV, CEF, DB, or sent with syslog and compatible with SIEMs. Log settings are done on the classification policy manager.

...

CSV or CEF format

...

in SIEM applications.

Database Format

  • When Classification Logs are written to the Database, the following information is written.

  • For other logs, you can check the GEODI Logs page.

Object ID

Unique ID

Log Time

time of transaction

Log User

user who doing the classification

Log App

GEODI

Log App Ver

GEODI Version

Log Module

DLPClassifier

Log Security Level

https veya http

Log Level

medium

File

UNCPath of classified content

Örnek: C:\Users\<user>\Desktop\Yeni Microsoft Word Belgesi (2).docx

PreviousClass

Current Class (value = “?” for content without a class)

Class

Given Class

Source

Method of classification (Shell/Add-In)

ClientIP

Client IP

ClientUser

Client User Name

Process Memory(Kb)

The memory used on the system at the time the log was written.

Process Max Memory(Kb)

The peak of Memory usage in the system.

AutoClass

If the AutoClass column is used as an automatic recommendation or forcibly, the ID value of the class determined automatically is provided. If automatic classification has never been used, it will be logged as empty.

ActionType

  • Auto: Automatically assigned class.

  • Manuel: Manual class selected.

  • Offline: Manual class selected.(GDE and Shell)

  • AUTOCLASS Body Email: Classified as auto with %AUTOCLASS% text in Outlook desktop.

  • Auto Menu Click: Classified by automatic clicking on the Add-In.

  • Class Menu Click: Classified by selecting a class through the Add-In.

  • Form UI: Form interface opened, selection made through the form.

  • Forced AutoClass: It was forced to be automatic. Automatic classification was enforced.

Database format

When the log format is DB, the following fields are also logged.

Object ID

Unique ID

Log Time

time of transaction

Log User

user who doing the classification

Log App

GEODI

Log App Ver

GEODI Version

Log Module

DLPClassifier

Log Security Level

https veya http

Log Level

medium