Classification Logs
In Classifier projects, the classification movements are recorded. Classification Logs contain information such as the directory of the file where the classification is made, the class of the file before the classification process, and the class after the classification process.
...
The classification and log analysis panel template projects become available when the classification module is installed. In projects where classification activities are monitored, classification movements are recorded regularly. These classification logs can be written to a database and monitored and analyzed by any SIEM tool or Log Analysis Panel.
GEODI Log Analysis Panel
With the Log Analysis panel, you can monitor your classification activities and perform analysis on a user and class basis. The panel requires the logs to be in a Database.
Once you install the Classification Module, your project will be automatically activated.
You can review the following information via the panel:
Classes
Number of Classifications by Applications
Number of Classifications by Users
Classified Contents
Trend analysis: number of classifications by month, week, and year
Any user in the ACC.Classifier group will see the dashboard. It will process the data contained within the GEODI log records. New log entries will continue to be automatically processed according to the defined scan for changes.
Example Classification Panel
...
Log format settings and SIEM Applications
Logs may be in CSV, CEF, Syslog, or database format. GEODI logs can be used in SIEM applications.
Database Format
For other logs, you can check the GEODI Logs page.
Field | Description |
---|---|
Object ID | Unique ID |
Log Time | Time of transaction |
Log User | User who performed the classification |
Log App | GEODI |
Log App Ver | GEODI Version |
Log Module | DLP Classifier |
Log Security Level | https or http |
Log Level | medium |
File | UNC path of classified content. Example: C:\Users\<user>\Desktop\New Word Doc (2).docx |
Previous Class | Current Class (value = “?” for content without a class) |
Class | Given Class |
Source | Method of classification (Shell/Add-In) |
Client IP | Client IP |
Client User | |
Process Memory(Kb) | The memory used on the system at the time the log was written. |
Process Max Memory(Kb) | The peak of memory usage in the system. |
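The Previous Class, Class, Log User and File fields are enough to drive a simple monitoring rule: flag every record where content was moved to a less sensitive class. The following is an added example, not GEODI code; the CSV header names (taken from the field table), the class names and their ordering, and the sample rows are all assumptions made for illustration.

```python
import csv
import io
from collections import Counter

# Assumption: hypothetical class names, ordered from least to most sensitive.
# Replace with the classes defined in your own project.
CLASS_RANK = {"Public": 0, "Internal": 1, "Confidential": 2, "Secret": 3}

# Constructed sample export. Column names follow the field table; the real
# header and column order of an exported log are assumed here.
SAMPLE_CSV = r"""Log Time,Log User,File,Previous Class,Class,Source,Client IP
2024-05-02T09:14:00,alice,C:\Users\alice\Desktop\plan.docx,?,Confidential,Add-In,10.0.0.5
2024-05-02T09:20:11,bob,C:\Users\bob\Desktop\salaries.xlsx,Secret,Public,Shell,10.0.0.9
2024-05-02T09:21:40,bob,C:\Users\bob\Desktop\offer.docx,Confidential,Internal,Shell,10.0.0.9
2024-05-02T10:02:03,carol,C:\Users\carol\Desktop\memo.docx,Internal,Confidential,Add-In,10.0.0.7
2024-05-02T10:05:00,carol,C:\Users\carol\Desktop\old.docx,Legacy,Internal,Shell,10.0.0.7
"""

def find_downgrades(csv_text, rank=CLASS_RANK):
    """Return records whose new class ranks below the previous class."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        prev, new = row["Previous Class"].strip(), row["Class"].strip()
        if prev == "?":  # "?" marks content that had no class before
            continue
        if prev not in rank or new not in rank:
            # Unknown class name: surface it instead of silently skipping it
            hits.append({**row, "Reason": "unknown class"})
        elif rank[new] < rank[prev]:
            hits.append({**row, "Reason": "downgrade"})
    return hits

def downgrades_per_user(hits):
    """Count confirmed downgrades per Log User, for thresholding or triage."""
    return Counter(h["Log User"] for h in hits if h["Reason"] == "downgrade")

if __name__ == "__main__":
    found = find_downgrades(SAMPLE_CSV)
    for h in found:
        print(h["Log Time"], h["Log User"], h["File"],
              h["Previous Class"], "->", h["Class"], f"({h['Reason']})")
    print(dict(downgrades_per_user(found)))
```

The same comparison can be expressed as a SIEM correlation rule or a database query once the logs are written to the database.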
Writing Classification Logs to Database
You can also write the logs to the database if you want. This makes it possible to analyze them with PowerBI or similar tools. Connection settings can only be made from the GEODI server.
...
When the Classification Logs are written to the Database, you can access the following information in addition to the above.
...
Field | Description |
---|---|
Object ID | Unique ID |
Log Time | Time of transaction |
Log User | User who performed the classification |
Log App | GEODI |
Log App Ver | GEODI Version |
Log Module | DLPClassifier |
Log Security Level | https or http |
Log Level | medium |
You can analyze the logs written on the database in GEODI and examine the classes given depending on time.
For this analysis, install the "Classification Log Analysis" module in GEODI, select the draft project on the new project creation screen, and connect to the database. You can then visually examine the classification logs on the panel in the project.
Default class rules are valid in the dictionary used in the panel. When changes are made to the default class rules, the dictionary must also be changed.
Sample Classifier Log Panel
...
Field | Description |
---|---|
Client Username | |
AutoClass | If automatic classification is used, either as a recommendation or enforced, the AutoClass column holds the ID of the automatically determined class. If automatic classification has never been used, it is logged as empty. |
Action Type | |