
Introduction to Reports

Report generation is essential for any security appliance: it identifies threats and how frequently they attack, and it shows the status of the system's own resources, since resource problems could compromise the security device's ability to counter cyber security incidents.

Crystal Eye has extensive, easily accessed reporting integrated into the operating system, covering both system resources and network incidents.

Executive Report


The Executive Report provides a crisp and concise overview of the Crystal Eye XDR alerts and reports generated from various in-built applications such as Apps Status, Data Loss Protection, Disk Usage, Events & Notifications, Forcefield, Gateway Scan Report, IDPS Alerts, Network Detail Report, Network Interfaces, Protocol & Application Detail Report and Risk Report.

App Status


The Apps Status application provides a 360-degree view of the current running status of the applications installed on the Crystal Eye appliance. There are about 7 services that can be started and stopped from the app GUI. The services that can be started and stopped from the Apps Status application are Antivirus, Intrusion Detection & Protection, Forcefield, Incident and Event Services (SIEM). The Crystal Eye XDR administrator can also download a PDF report that states the running status of the various applications. The Apps Status report can also be selected for inclusion in the Executive Report of the Crystal Eye appliance.

Disk Usage



Events and Notifications


The primary function of the Events and Notifications application is to log the events generated in the Crystal Eye appliance in real time. All the event types logged by Crystal Eye fall under three main categories: Informational Events, Warning Events and Critical Events. The information generated through these event types can be interpreted to monitor various CE-related processes effectively.

The Events and Notifications application has a dedicated table that tracks, records and displays all the events that occur in the Crystal Eye appliance. This table not only shows the Event Type but also describes it in detail. One of the most useful features of the Events and Notifications application is that it can be configured to send email notifications of ongoing CE events to multiple email IDs. The CE administrator can choose whether the app sends these notifications in real time or on a daily basis.

Gateway Scan Report


The Crystal Eye appliance has an inbuilt Gateway Antivirus that examines and evaluates files as they transit in real time. Crystal Eye makes use of a combination of signature and heuristic analysis to classify files to detect and automatically block malicious files in order to prevent infection from occurring. The Gateway Scan Summary Report displays the scan summary specifying details regarding the files that were blocked. These details include Timestamp, IP Address (where the malicious files were detected), Site (domain name from where the malicious files originated), Blocked URL (URL of the blocked file), Reason (why the file was blocked), Content Type and Description.

IP Attack Map


The IP Attack Map application comprises 6 main components that together provide a pool of data used for detailed security analysis. The IP Attack Map displays data pertaining to the security zones of the Crystal Eye network through the Banned IPs Table, Real Time Attack Tracker, Protocol Traffic Size Indicator, Device Traffic Size Indicator, and Real Time IDPS Alerts.

The data gathered forms the basis for in-depth security analysis. Each attack is visually depicted on the world map, clearly specifying the origin and the destination of the attack. The visual depiction of the attack is also colour coded to specify the protocol that was used in the attack. All this is simulated on the world map and is backed by a parallel database called the Alert Report, which provides further attack details such as the Timestamp, Source IP, Destination IP, Country Name, Region Name etc.

Log Viewer


The Log Viewer application is a powerful tool that provides direct access to the system log files. The Crystal Eye administrator can use it to monitor various CE-related backend tasks. These logs also play a vital role when investigating a security incident or performing troubleshooting tasks.

One of the most important aspects of the Log Viewer application is its ability to provide leads when investigating a system failure or network failure. CE logs also help with sanity checks on the database, determining whether all the backup data has been restored. Some of the other logs shown in the Log Viewer app relate to email scanning, HTTP traffic passing through the proxy, Forcefield, DHCP and installed RPMs. In addition, the CE administrator can also obtain logs related to the kernel since power up and a few more core services.

Network Interfaces


The Network Interfaces application provides a comprehensive view of the various interfaces in the Crystal Eye network. The number of LAN and WAN interfaces supported by a Crystal Eye appliance varies from model to model. This application provides a detailed view of the data transmitted and received (in Mbps) over the various network interfaces of the Crystal Eye appliance. The detailed view consists of graphical and tabular representations of the data transmitted over the network. Using the reporting features of this application, the administrator can also download PDF reports.