Step 3 - Review Events Being Forwarded to Attack Surface Insights
The goal of this step is to review the event filter in Log Stream that defines the events being routed to the Attack Surface Insights application. Attack Surface Insights is an entity management and classification application. For more information, see Attack Surface Insights in the Attack Surface Insights Guide.
This type of filtering can help you reduce the cost of processing events that have no security value, reduce the number of false positives, and reduce the generation of unnecessary alerts. For more information about how this type of filtering works, see Event Filtering in the Log Stream Guide.
On the New-Scale Security Operations Platform home page, navigate to Security Management column and click the Log Stream tile.
Click on the Event Filtering tab at the top of the Log Stream page. The Event Filtering and Routing page opens. This page is divided into two portions. The top section allows you to create event filters that route events to the New-Scale Analytics detection engine. The bottom section is for creating filters to route events to the Attack Surface Insights application.
In the Attack Surface Insights section of the page, click Add Event Filter. The Add Event Filters for Attack Surface Insights dialog box opens with set of the vendors and products selected by default.
Click the Select all option just below the search bar at the top of the dialog box. All of the listed vendors and products will be checked.
If you want to exclude some vendors or products from the selected list, click on individual checkboxes to unselect them.
Click Add Event Filters to save the selection.