Cloud SIEM has an integrated platform for security event management. Here you can view security events that have occurred, edit them, and assign a security rule to a team member. You can filter the list using the top menu filters and the search bar.
The event manager has a retention period of 2 weeks. Older events are saved as logs on your security account and can be viewed from OpenSearch Dashboards.
Access Event Management
To access the Event Management platform:
- Sign in to Logz.io.
- Go to SIEM > Event Management.
Edit an event rule
To edit a rule for an event:
- Select the three dots menu on the right side of the event that you need to edit, then select Edit. This opens the editor for the event rules.
- Edit the rule conditions. What you can change depends on the rule type: in a regular rule you can edit any field, while in a protected rule some fields are locked.
Edit the event information
To edit the management information on an event:
- Select Edit on the event row.
- Change the rule status, the assignment, or the comment on the rule.