Security Check Explorer


  • Version: 1.0.7-7-g251eead
  • Release Date: 2023-04-06 11:17:57
  • Supported Operating Systems: windows/amd64, windows/386, linux/arm, linux/arm64, linux/386, linux/amd64

Introduction

TrueWatch supports you in monitoring, querying, and correlating all inspection events through the "Security Check". It helps you improve the quality of inspections, problem analysis, and handling by promptly identifying vulnerabilities, anomalies, and risks.

Overview

In the "Security Check" - "Overview", TrueWatch provides a default security inspection monitoring view. You can view an overview of inspection events for different hosts by filtering hosts, inspection levels, and categories. This includes the number of inspection events at different levels and visual chart analyses, as well as top lists for inspection events based on different categories and rules.

You can also use the "Jump" button to navigate to the corresponding built-in view page and clone or modify the view.

Data Query and Analysis

In the "Security Check" - "Explorer", you can query inspection events by selecting time ranges, searching keywords, and applying filters.

Inspection Event Statistics

TrueWatch counts the number of inspection events in each status over the selected time range. A stacked bar chart shows the number of inspection events at different time points. The statistics support different time intervals and can be exported to dashboards, notes, and the clipboard.

Data Export

The inspection event list supports exporting current list data as CSV files to local devices or exporting to scene dashboards or notes via the settings button above the list.

Save Snapshot

TrueWatch supports creating accessible data copies. Using the snapshot feature, you can quickly create an instant copy of the data and restore it to a specific point in time and display logic.

Inspection Event Details

When clicking on the "host" label or property fields, you can perform quick filtering actions such as "Filter Field Value," "Negative Filter Field Value," "Add to Display Columns," and "Copy."

  • "Filter Field Value": Adds the field to the Explorer to view all related data.
  • "Negative Filter Field Value": Adds the field to the Explorer to view all data except the data matching that field value.
  • "Add to Display Columns": Adds the field to the Explorer list.
  • "Copy": Copies the field to the clipboard.

Recommendations

Click on the inspection event you want to view. In the detail panel, you can see recommendations for handling the security inspection event, including theoretical foundations, risk items, audit methods, and remediation measures.

Associated Inspections

In the inspection event detail page, you can match associated events by selecting tags (including: host, category, rule). You can also search for related events based on event names and content.

Associated Hosts

In the security inspection detail page, click on "Host" below to view the metrics and attribute views of related hosts (associated field: host).

Note: To view related hosts in process details, the "host" field must match; otherwise, the related host page will not be visible in process details.

  • Metrics View: View the performance metrics status of related hosts from 30 minutes before the end of this inspection event to 30 minutes after the log ends, including CPU, memory, and other performance metrics.

  • Attribute View: Helps you trace back to the actual state of the host object when the inspection data was generated. You can view the latest object data within 10 minutes before the end of this inspection event, including basic host information and integration runtime status. If cloud host collection is enabled, you can also view cloud provider information.

Note: TrueWatch retains historical data of host objects for the past 48 hours by default. If no historical data corresponding to the current log time is found, you will not be able to view the attribute view of the associated host.