The classification and log analysis panel template projects are ready once the classification module is installed. In projects where classification is active, activities are monitored and classification movements are recorded regularly. These classification logs can be written to databases or CSV files, or in CEF format, and can be analyzed with any SIEM tool. You can also use the GEODI analysis panel for the database.

CSV or CEF Logs

...

a database and monitored and analyzed by any SIEM tool or Log Analysis Panel.

GEODI Log Analysis Panel

With the Log Analysis panel, you can monitor your classification activities and perform analysis on a user and class basis. The panel requires the logs to be in a Database.

  1. Once you install the Classification Module, your project will be automatically activated.

  2. You can review the following information via the panel:

    1. Classes

    2. Number of Classifications by Applications

    3. Number of Classifications by Users

    4. Classified Contents

    5. Trend analysis: number of classifications by month, week, and year

  3. Any user in the ACC.Classifier group will see the dashboard.

  4. The panel processes the data contained in the GEODI log records. New log entries continue to be processed automatically according to the defined scan-for-changes schedule.

Example Classification Panel

...

Log format settings and SIEM Applications

Logs may be in CSV, CEF, Syslog, or Database. GEODI Logs can be used in SIEM applications.

Database Format

  • For other logs, you can check the GEODI Logs page.

Column: Description

  • Object ID: Unique ID
  • Log Time: Time of the transaction
  • Log User: User who performed the classification
  • Log App: GEODI
  • Log App Ver: GEODI version
  • Log Module: DLP Classifier
  • Log Security Level: https or http
  • Log Level: medium
  • File: UNC path of the classified content. Example: C:\Users\<user>\Desktop\New Word Doc (2).docx
  • PreviousClass: Previous class (value = "?" for content without a class)
  • Class: Given class
  • Source: Method of classification (Shell/Add-In)
  • ClientIP: Client IP
  • ClientUser: Client user name
  • Process Memory(Kb): The memory used on the system at the time the log was written.
  • Process Max Memory(Kb): The peak memory usage on the system.
  • AutoClass: If automatic classification was used, either as a suggestion or enforced, the ID of the automatically determined class. If automatic classification was never used, the column is logged empty.
  • ActionType: How the class was assigned:
    • Auto: Class assigned by automatic selection.
    • Manuel: Manual class selected.
    • Offline: Manual class selected (GDE and Shell).
    • AUTOCLASS Body Email: Forcibly auto-classified via the %AUTOCLASS% text in Outlook desktop.
    • Auto Menu Click: Classified by clicking the automatic option on the Add-In.
    • Class Menu Click: Classified by selecting a class through the Add-In.
    • Form UI: The form interface was opened and the selection was made through the form.
    • Forced AutoClass: Automatic classification was mandatory and was enforced.
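As an added example (not GEODI's own code), the following Python script reads classification log records exported with the column names above and produces the per-user and per-ActionType counts the analysis panel shows, plus a list of records where an already-classified item received a different class. The CSV rows are constructed sample data; the paths, users, class names and class IDs in them are assumptions.

```python
# Added example, not GEODI's own code: summarise GEODI classification log
# records exported as CSV, keyed by the column names documented above.
# Constructed sample data; paths, users, class names and IDs are assumptions.
import csv
import io
from collections import Counter

SAMPLE_CSV = r"""Log Time,Log User,File,PreviousClass,Class,Source,ClientIP,ActionType,AutoClass
2024-03-01 09:12:00,alice,\\fs1\share\a.docx,?,Internal,Add-In,10.0.0.5,Manuel,
2024-03-01 09:15:00,alice,\\fs1\share\b.xlsx,Confidential,Public,Shell,10.0.0.5,Manuel,
2024-03-01 09:20:00,bob,\\fs1\share\c.docx,?,Confidential,Add-In,10.0.0.7,Forced AutoClass,3
2024-03-01 09:25:00,bob,\\fs1\share\d.msg,?,Internal,Add-In,10.0.0.7,AUTOCLASS Body Email,2
"""


def parse_logs(text):
    """Parse CSV log text into one dict per record, keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def count_by(rows, column):
    """Number of classifications per distinct value of a column,
    e.g. "Log User" or "ActionType" (what the panel shows per user/app)."""
    return Counter(r[column] for r in rows)


def reclassifications(rows):
    """Records where content that already had a class received a different one.
    PreviousClass "?" means the content had no class before, so it is skipped."""
    return [r for r in rows
            if r["PreviousClass"] != "?" and r["PreviousClass"] != r["Class"]]


def automatic_only(rows):
    """Records where the automatic engine chose the class (AutoClass non-empty)."""
    return [r for r in rows if r["AutoClass"]]


if __name__ == "__main__":
    records = parse_logs(SAMPLE_CSV)
    print("by user:", dict(count_by(records, "Log User")))
    print("by action:", dict(count_by(records, "ActionType")))
    for r in reclassifications(records):
        print("reclassified:", r["File"], r["PreviousClass"], "->", r["Class"])
```

The same functions work unchanged on a real export as long as the header row carries the documented column names.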

Writing Classification Logs to Database

  • You can also write the logs to the database. This makes analysis with PowerBI or similar tools possible. Connection settings can only be made from the GEODI server.

...

When the classification logs are written to the database, the following information is available in addition to the above.

  • Object ID: Unique ID
  • Log Time: Time of the transaction
  • Log User: User who performed the classification
  • Log App: GEODI
  • Log App Ver: GEODI version
  • Log Module: DLPClassifier
  • Log Security Level: https or http
  • Log Level: medium

GEODI Log Analysis Dashboard

GEODI can analyze a database via dashboards. There is a ready module to do this for Classifier Logs. Install the "Classification Log Analysis" module and create a new project using the template. The ready dashboard will give you insight into class distributions, trends, and more.

In order to use the Log Analysis Panel, "ACC.DLP":true must be added to the GenericSettings in Workspace settings, and after the "ACC.DLP" group is created, it can be used by the users in this group and the system admin.

Example Classification Panel

...
