
GEODI logs all classification activity. The log format may be a database, CSV, CEF, or syslog. You may use a SIEM or Log Analysis Panel to analyze the logs.

GEODI Log Analysis Dashboard

Log Analysis shows and analyses classification activities using the log records.

The dashboard comes ready in a template project. Please follow the steps for dashboard activation.

  1. Select the template project designed for classification.

  2. The project includes a directory/database containing pre-existing resources for classification logs.

  3. You will see a DB data source; change its DB settings to point to the log DB.

    1. If you don't have an existing database, you can use an SQLite file.

  4. Any user in the ACC.Classifier group will see the dashboard.

  5. Save and start indexing.

GEODI will process the existing logs and any new ones as they arrive.

Example Classification Panel

Log format settings and SIEM Applications

Logs may be written in CSV, CEF, or DB format, or sent via syslog, and are compatible with SIEMs. Log settings are configured in the classification policy manager.

CSV or CEF format

  • CSV/CEF logs are written under \AppData\Dece\Geodi\Workspaces\<ProjectName>\Logs\DLPClassifier. Optionally, they can also be saved in the database.

  • For other logs, see the GEODI Logs page.

Logged fields

  • File: UNC path of the classified content. Example: C:\Users\<user>\Desktop\Yeni Microsoft Word Belgesi (2).docx

  • PreviousClass: the class the content had before this action (value = "?" for content without a class)

  • Class: the class given

  • Source: method of classification (Shell/Add-In)

  • ClientIP: client IP

  • ClientUser: client user name

  • Process Memory(Kb): memory used on the system at the time the log was written

  • Process Max Memory(Kb): peak memory usage on the system

  • AutoClass: if automatic classification was used, either as a recommendation or forcibly, the ID of the class determined automatically. If automatic classification was never used, the field is logged as empty.

  • ActionType:

    • Auto: class assigned automatically.

    • Manuel: class selected manually.

    • Offline: class selected manually (GDE and Shell).

    • AUTOCLASS Body Email: classified automatically because the %AUTOCLASS% text was present in Outlook desktop.

    • Auto Menu Click: classified by clicking the automatic option in the Add-In.

    • Class Menu Click: classified by selecting a class through the Add-In.

    • Form UI: the form interface was opened and the selection was made through the form.

    • Forced AutoClass: automatic classification was enforced.
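The fields above are enough to run simple review logic over the log without a SIEM. The following is an added example, not GEODI's own code or output: it parses a constructed CSV log whose header uses the field names from this page (the header row, column order and the class names are assumptions), lists reclassifications of content that already had a class, flags manual selections made while an automatic class ID was present, and counts ActionType values per user.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample log in CSV form (not a real GEODI log). The column names
# follow the field list on this page; the header row, the column order and the
# class names (Public/Internal/Confidential) are assumptions.
SAMPLE_CSV = r"""File,PreviousClass,Class,Source,ClientIP,ClientUser,Process Memory(Kb),Process Max Memory(Kb),AutoClass,ActionType
C:\Users\alice\Desktop\report.docx,?,Internal,Shell,10.0.0.15,alice,150000,180000,,Manuel
C:\Users\alice\Desktop\report.docx,Internal,Public,Add-In,10.0.0.15,alice,152000,180000,3,Class Menu Click
C:\Users\bob\Desktop\budget.xlsx,?,Confidential,Add-In,10.0.0.22,bob,140000,160000,2,Forced AutoClass
C:\Users\bob\Desktop\budget.xlsx,Confidential,Public,Shell,10.0.0.22,bob,141000,160000,,Offline
C:\Users\carol\Desktop\memo.msg,?,Internal,Add-In,10.0.0.31,carol,130000,150000,1,AUTOCLASS Body Email
"""

# ActionType values the page describes as manual selections ("Manuel" is the
# spelling GEODI writes); every other value is an automatic assignment.
MANUAL_ACTIONS = {"Manuel", "Offline", "Class Menu Click", "Form UI"}


def parse_log(text):
    """Parse CSV log text into a list of dicts, one per classification event."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        # The two memory columns are numeric; everything else stays a string.
        for key in ("Process Memory(Kb)", "Process Max Memory(Kb)"):
            row[key] = int(row[key]) if row[key] else None
        rows.append(row)
    return rows


def reclassifications(rows):
    """Events where content that already had a class was given a different one.

    PreviousClass is "?" for content that had no class, so those are skipped.
    """
    return [
        (r["ClientUser"], r["File"], r["PreviousClass"], r["Class"], r["ActionType"])
        for r in rows
        if r["PreviousClass"] != "?" and r["PreviousClass"] != r["Class"]
    ]


def manual_despite_recommendation(rows):
    """Manual selections made while an automatic class ID was available.

    AutoClass holds the ID chosen by automatic classification and is empty when
    automatic classification was never used, so a non-empty AutoClass together
    with a manual ActionType means the user chose a class rather than accepting
    the recommendation. Worth a second look when reviewing the log.
    """
    return [
        (r["ClientUser"], r["File"], r["AutoClass"], r["Class"])
        for r in rows
        if r["AutoClass"] and r["ActionType"] in MANUAL_ACTIONS
    ]


def action_counts_by_user(rows):
    """Per-user count of each ActionType, the basic dashboard breakdown."""
    counts = defaultdict(Counter)
    for r in rows:
        counts[r["ClientUser"]][r["ActionType"]] += 1
    return {user: dict(c) for user, c in counts.items()}


if __name__ == "__main__":
    events = parse_log(SAMPLE_CSV)
    for e in reclassifications(events):
        print("reclassified:", e)
    for e in manual_despite_recommendation(events):
        print("manual choice with recommendation present:", e)
    for user, counts in action_counts_by_user(events).items():
        print(user, counts)
```

To run it against a real file, replace SAMPLE_CSV with the contents of the CSV under the DLPClassifier log directory; if the header names in your export differ from the field names on this page, adjust the keys in the three functions accordingly.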

Database format

When the log format is DB, the following fields are also logged.

  • Object ID: unique ID of the log record

  • Log Time: time of the transaction

  • Log User: user who performed the classification

  • Log App: GEODI

  • Log App Ver: GEODI version

  • Log Module: DLPClassifier

  • Log Security Level: https or http

  • Log Level: medium
