Events

An event is a record of an interaction or observation of interest within seedata.io

An event could be a single interaction (like an email received), or more like an ongoing session with multiple interactions (think like a network scan).

We capture as much information as we can to all related interactions, and tag it with an event ID.

View All Events

You can see all events within your organisation, by browsing to https://app.seedata.io/events. This will show you a table view, sorted with your most recent event at the top, paginated to show 10 events at a time.

You can increase page size to show more events or jump to specific pages, you can sort columns in both directions, you can filter by certain values and you can free-text search.

You can also click on the menu [...] on the right end of any row to get access to actions.

The table shows the following columns:

  • Date Created - A timestamp for the first interaction within this event

  • Source - Where do we see the event originating from

  • Related Seed - What seed is the target of the event

  • Type - What type of interaction are we seeing

  • Priority - Based on threat rating of the source, plus impact rating of the seed, what do our calculations suggest the priority of this event might be

  • Status - At what lifecycle stage is this event

View Event Details

By clicking on an inidividual row in the "View All" list, you can access a more detailed view on an individual event, showing lower level information.

The same row of summary data is shown, with the same columns as described above. Below this, a more detailed panel will be shown to present lower level details. These will differ based on the seed type and the event type

Event Actions Menu

By clicking on the right hand menu [...] you access a set of actions related to events:

  • Report - Creates a new report page for the event, which can be exported as a PDF for wider sharing

  • Update - Allows the user to enter a journal entry for the event, adding commentary or changing the priority / status

  • Whitelist - Creates a new whitelist entry based on the source of this event, so future interactions will not lead to further events. Read more about whitelists here: https://docs.seedata.io/features/settings/whitelists

  • Alert - Manually send an alert for this event to an existing alert integration (potentially one who would not typically get an alert for such events)

Event Signals

These are the full list of interactions with the seed. We capture timestamp and source / destination details

Event Journal

Users can edit the priority or status of an event, or record their findings and investigation outcomes (using the actions menu to perform an "update")

PreviousEC2 HoneypotNextIntel

Last updated