Understanding the Datalake
...
The Armor data lake is a centralized repository for the data Armor collects. For EDR, it holds incident data from every environment, including endpoints. Because this can be a large volume of data, narrowing the scope of a search is essential to making sense of it.
...
Helpful Fields for Searching the Datalake
...
| Field | Description |
|---|---|
| event.type | One of the four ECS categorization fields; it indicates the third level in the ECS category hierarchy. |
| host.hostname | Hostname of the host. |
| host.os.name | Part of the OS fields, which contain information about the operating system. |
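To show how these ECS fields narrow a search in practice, here is an added example (not Armor's own tooling or data) that resolves dotted ECS field names and filters a set of constructed sample events; the event values and hostnames are made up for illustration.

```python
import json
from typing import Any

# Constructed sample events in ECS shape (not real Armor data). The first
# two are nested documents; the third is flattened with dotted keys, since
# both layouts are seen when events are exported.
SAMPLE_EVENTS = [
    {"event": {"category": "process", "type": "start"},
     "host": {"hostname": "web-01", "os": {"name": "Windows"}}},
    {"event": {"category": "file", "type": "deletion"},
     "host": {"hostname": "db-02", "os": {"name": "Linux"}}},
    {"event.category": "process", "event.type": "start",
     "host.hostname": "web-02", "host.os.name": "Linux"},
]


def get_field(event: dict, path: str) -> Any:
    """Resolve a dotted ECS field name (e.g. host.os.name) against either layout."""
    if path in event:                      # flattened layout: key is the dotted path
        return event[path]
    node: Any = event
    for part in path.split("."):           # nested layout: walk one level per segment
        if not isinstance(node, dict) or part not in node:
            return None                    # field absent on this event
        node = node[part]
    return node


def filter_events(events: list, filters: dict) -> list:
    """Keep events matching every filter; a list value means 'any of these'."""
    kept = []
    for ev in events:
        matches = True
        for field, wanted in filters.items():
            allowed = wanted if isinstance(wanted, (list, tuple, set)) else [wanted]
            if get_field(ev, field) not in allowed:
                matches = False
                break
        if matches:
            kept.append(ev)
    return kept


if __name__ == "__main__":
    # Scope the search to process-start events on Linux hosts.
    hits = filter_events(SAMPLE_EVENTS, {"event.type": "start", "host.os.name": "Linux"})
    print(json.dumps(hits, indent=2))
```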
Adding a Filter
...
To add further filters, click the Add Filter button.
...