In the Event-Database Viewer, you can query and work with the data in your Event Databases. In this topic, you will learn about the basic features of the Event-Database Viewer.
To work with the Event-Database Viewer:
1. | In the side bar, select Events >Event-Database Viewer. |
2. | In the side bar of the Event-Database Viewer, TLC lists each Event Database in your TLC environment. Under each database, TLC presents a set of options. |
To display data in the main pane, select an option in the side bar.
Select Event Overview to open a page in which you can work with Database Layouts and the Event data in the selected database. For further instructions, see Working with Database Layouts.
Select Events to work with Events that have been normalized by TLC.
Select Hosts to work with Hosts. A Host is either 1) the system with the Log Source that generated a log message resulting in the creation of a normalized Event in the database, or 2) a system for which a scanner identified an event that resulted in the creation of a Scanner Event in the database.
Select Vulnerabilities to work with Scanner Events imported from scanners (see What are Scanner Events?).
Select an option under Graphs to generate a Tripwire-defined graph with data queried from the database. For more information, see Viewing Graphs in the Event-Database Viewer.
Select an option under Searches to run a List Task that has been created for the database in the Task Manager. For more information about List Tasks, see Working with the Task Manager.
3. | If you select Events, Hosts, Vulnerabilities, or a Search in the side bar, TLC presents a table of Events, Hosts, or Scanner Events in the main pane. When the main pane contains a table, you can use the Event-Database button bar to work with the items in the table. The available buttons vary according to which option is selected in the side bar, as well as whether or not any items are selected. For button descriptions, see Table 37. |
Tip |
You can also access the available button-bar options by right-clicking an item in the main pane. |
---|
To modify the appearance and contents of a table in the main pane:
a. | From the Time Filter drop-down, select a time period to filter the displayed items. |
b. | To change the table's columns, or to filter the table based on column values, see Working with Tables. |
c. | If you want to save your changes as the default view for the selected side bar option, click Save Table Layout. |
Tip |
You can sort, group, and filter the contents of tables. For more information, see Working with Tables). |
---|
4. | If you expand the Events, Hosts, or Vulnerabilities group in the side bar, TLC presents a list of sub-groups. Each sub-group represents a field in the properties of Events, Hosts, or Scanner Events. For field descriptions, click here. |
To generate a graph of the values for a field, select a sub-group in the side bar.
To view items with a specific value for a field, expand the field's sub-group and select the value.
For example, under Events, the Destination IPs option represents the Destination IP field in Events.
To generate a graph illustrating the IP address values in the Destination IP fields of the database's Events, select Destination IPs.
To view the Events with a specific Destination IP address, expand the Destination IPs sub-group and select the IP address.
Next |
To work with the properties of a specific Event or Host, see: |
---|