EVENT ID Search in BDS Platform

EVENT ID Search in BDS Platform

An Alarm raised by SOC? Curious to know what the alarm is and why SOC raised it?

We provide complete transparency to check what event/alarm was raised by the SOC to the Partner/Client


Pre – Requisites: 
1. Login Credentials
2. Portal URL to login
3. Event ID (Ideally mentioned in the ticket)
4. Timestamp the ticket was created from the ticket


Once you logged into the tenant with the credentials. At this time the event/alarm that SOC raised will have an Event status of closed.


To Do: 
Change the time interval to cover the timestamp mentioned in the ticket
Change the Event Status to dash dash (--) which would cover all the events to search whether the event is open or closed. 
In order to search for the Event ID there is a specific process/way to find the event in the database of the specific tenant.
Change the Event status as you see below:

 
Before you paste the Event ID use: _id:
Then use the search bar to paste the Event ID.

The below is the example search

 
When we press the search button then you should see the event 
 

If the event is raised from the Kill chain the below should highlight the specific event you searched for. 
The event/alarm can be raised from multiple places in the UI. 
You can also check the event in the Threat Hunting section. 


 

You can also change the index to traffic to check the event if SOC raised the event to the IH not from the security events.




    • Related Articles

    • BDS G SUITE INTEGRATION

         Pre-Requisites: You will need Domain Administrator Privileges to configure the G-Suite Integration within BDS.   Preparation Before configuring G-Suite in data processor, user would need to enable this feature in the google admin dashboard. 1. ...
    • Stellar Cyber - Vendor Advisory for SolarWinds Orion Products - Countermeasure guidelines

      December 2020 Detect SolarWinds SUNBURST Backdoor with Stellar Cyber Open-XDR Platform On December 13 2020, multiple vendors such as FireEye and Microsoft reported emerging threats from a nation-state threat actor who compromised SolarWinds, and ...
    • Syslog Forwarding - Breach Detection System - Ports To Send To

      Firewall Ports to Open for Log Ingestion Network and security sensors require open inbound UDP ports on your firewall in order to receive and parse logs from devices on your network. The ports are already open by default on the sensor, so you must ...
    • AWS Cloudtrail Integration Guide With Breach Detection

      Overview AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS ...
    • ATT-Alienvault-Advisory

        SolarWinds Orion Supply Chain Attack                        Detections in AT&T Unified Security Management™ and IoCs in the AT&T Alien Labs Open Threat Exchange™ December 16, 2020, 11:15am (CST) TLP: Amber Dear USM Customer, The details of this ...