Telemetry Dashboards
General Description
Dashboards Smart EDR: Linux Telemetry and Smart EDR: Windows Telemetry are designed for analyzing
process and file activity on hosts running Linux and Windows.
The dashboards allow:
- tracking process and user activity
- analyzing file system events
- identifying abnormal or suspicious activity
- obtaining detailed telemetry for a selected host
Both dashboards have the same structure and differ only in the set of collected events, depending on the operating system.
Main Sections
General Metrics and Process Activity
Displays summary telemetry indicators and dynamics of process activity for the selected host and user:
- number of active processes
- total number of file events
- number of created and deleted files
- host uptime
- process activity dynamics
The section allows quick assessment of the current system state, activity level on the node, and identification of spikes or abnormal process behavior.
Process Attributes
Allows detailed analysis of process events:
- process start time
- event type
- PID and process GUID
- user under whom the process is running
- process integrity level (for Windows)
- host and operating system
The table supports filtering by key parameters and is used for incident investigation.
File Event Dynamics
Visualizes file activity on the host over time:
- file creation, deletion and reading
- content and attribute changes
Charts allow tracking file system behavior and identifying abnormal actions.
File System Events
Displays detailed information about file system events:
- event type
- file name and path
- user and file owner
- host and operating system
- exact event time
The table is used for analyzing action chains and confirming suspicious activity.
