
The template project for Classification and the Log Analysis Panel is installed together with the Classification module. In projects where classification activity is monitored, classification events are logged regularly. These classification logs can be written to a database and then monitored and analyzed with any SIEM tool or with the Log Analysis Panel.

Logs can be written in CSV, CEF, or syslog format, or to a database.

GEODI Log Analysis Panel

With the Log Analysis panel, you can monitor your classification activities and perform analysis on a user and class basis. The panel requires the logs to be in a Database.

  1. Once you install the Classification Module, your project will be automatically activated.

  2. You can review the following information via the panel:

    1. Classes

    2. Number of Classifications by Applications

    3. Number of Classifications by Users

    4. Classified Contents

    5. Trend analysis of the number of classifications by month, week, and year

  3. Any user in the ACC.Classifier group will see the dashboard.

  4. The panel processes the data contained in the GEODI log records. New log entries continue to be processed automatically according to the defined scan for changes.

Example Classification Panel

[Screenshots: example Classification Panel]

Log format settings and SIEM Applications

You can use GEODI Logs in SIEM applications.

Database Format

  • When Classification Logs are written to the Database, the following information is written.

  • For other logs, you can check the GEODI Logs page.

| Column | Description |
|---|---|
| Object ID | Unique ID |
| Log Time | Time of the transaction |
| Log User | User who performed the classification |
| Log App | GEODI |
| Log App Ver | GEODI version |
| Log Module | DLPClassifier |
| Log Security Level | https or http |
| Log Level | medium |
| File | UNC path of the classified content. Example: C:\Users\<user>\Desktop\Yeni Microsoft Word Belgesi (2).docx |
| PreviousClass | Current Class (value = "?" for content without a class) |
| Class | Given Class |
| Source | Method of classification (Shell/Add-In) |
| ClientIP | Client IP |
| ClientUser | Client user name |
| AutoClass | When automatic classification is used, either as a recommendation or enforced, this column contains the ID of the automatically determined class. If automatic classification has never been used, it is logged as empty. |

ActionType

  • Auto: Automatically assigned class.

  • Manuel: Manual class selected.

  • Offline: Manual class selected (GDE and Shell).

  • AUTOCLASS Body Email: Classified as auto with %AUTOCLASS% text in Outlook desktop.

  • Auto Menu Click: Classified by automatic clicking on the Add-In.

  • Class Menu Click: Classified by selecting a class through the Add-In.

  • Form UI: Form interface opened, selection made through the form.

  • Forced AutoClass: Automatic classification was enforced.
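
A sketch of how a SIEM-side check could use these columns, added here as an example and not part of GEODI or its documentation: it reads a CSV export, counts classifications per user, and flags records where an existing class was lowered or where the given Class differs from AutoClass. The CSV header names, the sample rows, the class names and their ranking are assumptions constructed for illustration, and Class and AutoClass are assumed to carry the same identifier.

```python
import csv
import io
from collections import Counter

# Constructed sample export. Header names follow the column list above; the
# class names and their ranking are hypothetical, not GEODI defaults.
SAMPLE_CSV = """Log Time,Log User,File,PreviousClass,Class,AutoClass,ActionType
2024-02-29T07:46:49,alice,C:\\docs\\plan.docx,?,Internal,,Manuel
2024-02-29T07:48:45,bob,C:\\docs\\payroll.xlsx,Confidential,Public,Confidential,Class Menu Click
2024-02-29T07:49:10,bob,C:\\docs\\memo.docx,?,Confidential,Confidential,Forced AutoClass
2024-02-29T07:50:02,carol,C:\\docs\\notes.docx,Internal,Confidential,,Form UI
"""
CLASS_RANK = {"Public": 0, "Internal": 1, "Confidential": 2}


def review(csv_text, rank):
    """Return (findings, per-user counts) for a classification log export."""
    findings, per_user = [], Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        per_user[row["Log User"]] += 1
        prev, new, auto = row["PreviousClass"], row["Class"], row["AutoClass"]
        reasons = []
        # "?" means the content had no class before, so it cannot be a downgrade.
        if prev != "?" and prev in rank and new in rank and rank[new] < rank[prev]:
            reasons.append("downgrade")
        # Empty AutoClass means automatic classification was never used.
        if auto and auto != new:
            reasons.append("autoclass-override")
        if reasons:
            findings.append((row["Log Time"], row["Log User"], row["File"], reasons))
    return findings, per_user


if __name__ == "__main__":
    for finding in review(SAMPLE_CSV, CLASS_RANK)[0]:
        print(finding)
```
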
