Skip to main content
Version: 5.1

Data Loading into the System

Introduction

Data analysis is crucial for ensuring the security of enterprise information systems. By analyzing information, it's possible to track user activity, identify potential security threats, and prevent incidents.

The use of monitoring tools, such as Smart Monitor, facilitates this process by providing automated data analysis and visualization capabilities.

The functionality of the Smart Monitor is an important tool in this process, providing comprehensive analysis and monitoring capabilities, as well as the ability to create customized reports.

About Data Import

The Smart Monitor platform supports various methods of information collection.

One of the most common methods is where data is ingested into the system directly from log sources.

The simplest method, recommended for familiarizing yourself with the capabilities of Smart Monitor, is direct data loading into the system through a specialized interface.

As an example for familiarization, we recommend using prepared data (jollymeal_wineventlog.csv).

What's Included in the Data

The data provided for familiarization contains information from the security audit log, which includes details about login attempts, changes in system settings, file access, and other actions that may pose a security risk to the system.

The example below represents a typical event presented in the prepared data sample.

JSON Example
{
  "agent": {
    "name": "jollymeal-demo",
    "id": "e13410f4-896d-4140-a4ba-4ed54ce58149",
    "type": "winlogbeat",
    "ephemeral_id": "02e29f56-c819-4371-ab81-ce9eb68c8b15",
    "version": "8.0.0"
  },
  "winlog": {
    "computer_name": "JM-MAN-014",
    "process": {
      "pid": 88463,
      "thread": {
        "id": 5651
      }
    },
    "keywords": [
      "Audit Failure"
    ],
    "level": "information",
    "channel": "Security",
    "event_data": {
      "TargetLogonId": "0x12345678",
      "WorkstationName": "JM-MAN-014",
      "TargetUserName": "SanchezThomas",
      "TargetDomainName": "JMCORP"
    },
    "opcode": 0,
    "record_id": "123456789",
    "task": "Logon",
    "event_id": 4625,
    "provider_guid": "{54849625-5478-4994-a5ba-3e3b0328c30d}",
    "time_created": "2024-03-06T07:15:09Z",
    "provider_name": "Microsoft-Windows-Security-Auditing",
    "outcome": "failure"
  },
  "log": {
    "file": {
      "path": "/app/auth-events/output/auth_events-2024-03-06.json"
    }
  },
  "destination": {
    "address": "TERM-SERV-JMCORP",
    "domain": "JMCORP",
    "ip": "192.168.16.220"
  },
  "source": {
    "address": "JM-MAN-014",
    "ip": "192.168.16.17",
    "domain": "JMCORP"
  },
  "@timestamp": "2024-03-06T07:15:09Z",
  "related": {
    "ip": [
      "192.168.16.17",
      "192.168.16.220"
    ],
    "user": [
      "SanchezThomas"
    ]
  },
  "ecs": {
    "version": "8.9.0"
  },
  "host": {
    "name": "JM-MAN-014"
  },
  "@version": "1",
  "event": {
    "original": "{\"@timestamp\": \"2024-03-06T07:15:09Z\", \"event\": {\"kind\": \"event\", \"category\": [\"authentication\"], \"type\": [\"start\"], \"outcome\": \"failure\", \"action\": \"logon-failed\", \"code\": 4625, \"provider\": \"Microsoft-Windows-Security-Auditing\", \"module\": \"security\"}, \"agent\": {\"name\": \"jollymeal-demo\", \"id\": \"e13410f4-896d-4140-a4ba-4ed54ce58149\", \"type\": \"winlogbeat\", \"ephemeral_id\": \"02e29f56-c819-4371-ab81-ce9eb68c8b15\", \"version\": \"8.0.0\"}, \"winlog\": {\"computer_name\": \"JM-MAN-014\", \"process\": {\"pid\": 88463, \"thread\": {\"id\": 5651}}, \"keywords\": [\"Audit Failure\"], \"level\": \"information\", \"channel\": \"Security\", \"event_data\": {\"WorkstationName\": \"JM-MAN-014\", \"TargetUserName\": \"SanchezThomas\", \"TargetDomainName\": \"JMCORP\", \"TargetLogonId\": \"0x12345678\"}, \"opcode\": 0, \"record_id\": \"123456789\", \"task\": \"Logon\", \"event_id\": 4625, \"provider_guid\": \"{54849625-5478-4994-a5ba-3e3b0328c30d}\", \"time_created\": \"2024-03-06T07:15:09Z\", \"provider_name\": \"Microsoft-Windows-Security-Auditing\", \"outcome\": \"failure\"}, \"source\": {\"address\": \"JM-MAN-014\", \"ip\": \"192.168.16.17\", \"domain\": \"JMCORP\"}, \"destination\": {\"address\": \"TERM-SERV-JMCORP\", \"ip\": \"192.168.16.220\", \"domain\": \"JMCORP\"}, \"related\": {\"ip\": [\"192.168.16.17\", \"192.168.16.220\"], \"user\": [\"SanchezThomas\"]}, \"user\": {\"domain\": \"JMCORP\", \"name\": \"SanchezThomas\", \"id\": \"0005\"}, \"host\": {\"name\": \"JM-MAN-014\"}, \"ecs\": {\"version\": \"8.9.0\"}, \"outcome\": \"failure\"}",
    "code": 4625,
    "provider": "Microsoft-Windows-Security-Auditing",
    "kind": "event",
    "module": "security",
    "action": "logon-failed",
    "category": [
      "authentication"
    ],
    "type": [
      "start"
    ],
    "outcome": "failure"
  },
  "user": {
    "domain": "JMCORP",
    "name": "SanchezThomas",
    "id": "0005"
  },
  "outcome": "failure"
}

Smart Monitor provides a user-friendly data import interface designed to require no specialized technical knowledge from the user. For more detailed information, please refer to the corresponding article: Loading Data into the System.