Use Cases
Following is a list of example use cases for which the Hierarchy Map data monitor is a useful monitoring tool.
-
Display the number of matches for all the rules within a given time frame, with the hierarchy groups based on the File path field of the rule audit events. The value is the count of the events for each group. The goal would be to show which rules fired the most in a given time frame.
-
Show table space usage of correlation resources, particularly session lists and active lists.
-
Show memory usage for correlation resources, particularly session lists and active lists.
-
Show assets hierarchy by networks, zones and subnets. Within subnets, the assets can be sub-divided into asset ranges.
-
Show assets hierarchy divided by the location of assets, where the value on the map is the count of the events targeting those assets.
-
Show assets hierarchy divided by the location of assets, where the value on the map is the count of the assets within those locations.
-
Monitor resource distribution; that is, how many rules, reports, data monitors and so on are being used in the system, where the count is system storage space.
-
Display events by device to show how many events are generated from each device in a given time frame (for example, the past two days).
-
Show assets by the number of attacks each receives, to determine which assets are the most vulnerable.