Comment: move toc to the top

Understanding the Datalake

The Armor data lake is a centralized repository for storing Armor-collected data. With regard to EDR, the data lake contains data for incidents in every environment, including endpoints. This can be a lot of data, so narrowing down the scope of information is critical to making sense of it all.

Table Example

JSON Example


Helpful Fields for Searching the Datalake

Field            Filter By
event.type       This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy.
host.hostname    Hostname of the host.
host.os.name     OS fields contain information about the operating system.


Adding a Filter

To add additional filters, click the Add Filter button.

Then set the field to one of the helpful fields above, select the operator, enter the value, and click Save.

