Recently, the engineers at MetaFlows have improved the Event Classification Menu within the MetaFlows software, allowing each user to further customize events through actions and event views. This introduces four key features to the Event Classification Menu that users will find helpful in employing the MetaFlows IDS.
The first improvement allows users to see a comprehensive list of their classifications. Now, users can access a new classification interface that breaks the classifications down by action. There are seven action types: Highlight, Block, E-mail, Ignore, Delete, Rank, and Disabled. The Highlight function highlights matching records in the Real-Time, Historical, and Reports with the selected color. The Block action triggers the Soft IPS for matching records, causing connections matching the classification to be blocked. The E-mail function produces a PDF report of matching records that will be sent every ten minutes, or as frequently as possible. The Ignore action ignores events that match the classification. The Delete function removes matching records from the browser in order to free up memory. The Rank action increases the priority/rank of the records that match the classification. The Disable function allows a user to disable a classification without deleting it.
The Search functionality of the classification interface now allows users to search against a classification's name, category, IP address, IDS alerts, service alerts, and log message values. All a user has to do is type a value into the Search field to find classifications that match that query. The search will match against values in the classification name, category, addresses, and events fields.
Once upon a time, deleting a classification was an irreversible action. Now, that can be undone. If the user deletes a classification only to realize later that they need it, they can restore the classification from the Trashed Classifications list.
Transferring classifications is now much easier. By employing the Upload Classifications feature, a user can transfer classifications in bulk between two different domains. The option is listed as the Upload Classifications button, and selecting it opens the uploader. Classifications must be in JSON format and contain all the required information for the classification.
More information regarding the recent improvements in the Event Classification Menu can be found in the MetaFlows User Manual. If using any of the four new features causes any confusion, or if there are any questions, do not hesitate to contact the MetaFlows team for assistance.