/
GEODI Classifier Log Analysis Panel and Classifier Project

GEODI Classifier Log Analysis Panel and Classifier Project

The classification and log analysis panel template projects are ready with the installation of the classification module. In projects where classification activities are monitored, classification movements are recorded regularly. These classification logs can be written to a database and monitored and analyzed by any SIEM tool or Log Analysis Panel.

GEODI Log Analysis Panel

With the Log Analysis panel, you can monitor your classification activities and perform analysis on a user and class basis. The panel requires the logs to be in a Database.

  1. Once you install the Classification Module, your project will be automatically activated.

  2. You can review the following information via the panel:

    1. Classes

    2. Number of Classifications by Applications

    3. Number of Classifications by Users

    4. Classified Contents

    5. Trend analysis number of classification by Month, Week, Year

  3. Any user in ACC.Classifier group will see the dashboard.

  4. It will process the data contained within the GEODI log records. New log entries will continue to be automatically processed according to the defined scan for changes.

Example Classification Panel

image-20240229-074649.png
image-20240229-074845.png
image-20240229-074910.png

Log format settings and SIEM Applications

Logs may be in CSV, CEF, Syslog, or Database. GEODI Logs can be used in SIEM applications.

Database Format

  • For other logs, you can check the GEODI Logs page.

Object ID

Unique ID

Log Time

Time of transaction

Log User

The user who is doing the classification

Log App

GEODI

Log App Ver

GEODI Version

Log Module

DLP Classifier

Log Security Level

https:// veya http://

Log Level

medium

File

UNCPath of classified content

Example: C:\Users\<user>\Desktop\New Word Doc (2).docx

Previous Class

Current Class (value = “?” for content without a class)

Class

Given Class

Source

Method of classification (Shell/Add-In)

Client IP

Client IP

Client User

Client Username

AutoClass

If the AutoClass column is used for automatic recommendations or forced recommendations, the ID of the automatically determined class is provided. If automatic classification has never been used, it will be logged as empty.

AutoClassReason

The findings that trigger autoclass

Action Type

  • Auto: Automatically assigned class.

  • Manuel: Manual class selected.

  • Offline: Manual class selected. (GDE and Shell)

  • AUTOCLASS Body Email: Classified as auto with %AUTOCLASS% text in Outlook desktop.

  • Auto Menu Click: Classified by automatic clicking on the Add-In.

  • Class Menu Click: Classified by selecting a class through the Add-In.

  • Form UI: Form interface opened, selection made through the form.

  • Forced AutoClass: It was forced to be automatic. Automatic classification was enforced.

 

Syslog support

For Syslog support, select DB as the log format, choose Syslog Connection as the VT provider, and enter the values for the listening application.