Mismatch in Infinity Portal's Infinity Event logs

RafaelSantiago — Tue, 17 Sep 2024 08:29:26 GMT

Hello everyone, I'm encountering a peculiar situation on Infinity Portal's Infinity Events tab.

Q1:

As you can see in the picture, I have selected a random day of security event logs to inspect. On the time range 9/9/2024 12:00 AM to 9/9/2024 01:00 AM (*Fixed typo that previously said "9/9/2024 12:00 AM to 9/10/2024 01:00 AM it says it has around 5 million logs" *) it says it has around 5 million logs.

However, if I click on the first column, that represents the logs in that day, from 12:00 AM to 01:00 AM, I get this:

The statistics graph shows columns that represent 5 minute intervals, but adding up the numbers in all columns, I get around 33K logs in that hour, nowhere near 5 million. This behaviour is consistent, independently of the day or hour I select.

Q1: Is this some kind of visual bug, or am I interpreting these results in the wrong way?

Q2:

On another note, its visible on the previous photos that all logs are relative to the Product Family Quantum and Cloud Service Quantum Smart-1 Cloud, which is to be expected with the current deployment.

However, when I go to Quantum Security Management & Smart-1 Cloud - Logs & Events and select Logs and the same time range I see this:

Now there's around 223K logs in that hour as opposed to the 5 million in the Infinity Events. As per my understanding the logs should be the same, but even in the scenario where the 5 million was a visual bug, it still wouldn't make sense because for the time period 9/9/2024 12:00 AM to 9/10/2024 01:00 AM, in the Security Management Logs it says 223K logs and in Infinity Events it says 33K.

I download 10K lines (maximum allowed) of the logs in both the Infinity Events and in Security Management, and after looking at a couple of random lines they seem to contain the same information (unfortunately that doesn't mean much because the 10K lines only contained logs regarding 3 seconds of that whole hour, because of the large amount of logs, so I can't say for sure that the rest of the logs would match)

Q2: If all the logs I have are generated by Quantum Security Management, why are the quantities of logs in Infinity Events and Quantum Security Management different?

Re: Mismatch in Infinity Portal's Infinity Event logs

PhoneBoy — Mon, 16 Sep 2024 16:56:32 GMT

"9/9/2024 12:00 AM to 9/10/2024 01:00 AM it says it has around 5 million logs" represents a 25 hour timeframe versus a 1 hour timeframe.
That might explain why these numbers are so far off.

Re: Mismatch in Infinity Portal's Infinity Event logs

RafaelSantiago — Tue, 17 Sep 2024 08:29:03 GMT

Hi @PhoneBoy , thank you for the reply. It was my mistake. I meant to say "9/9/2024 12:00 AM to 9/9/2024 01:00 AM it says it has around 5 million logs". I fixed it in the post.

The first column on the time frame 9/9/2024 12:00 AM to 9/10/2024 12:00 AM represents the amount of logs from 12:00 AM to 01:00 AM (5 430 578), however when I click said column I get that Statistics graphs, that has around 33K logs.

Re: Mismatch in Infinity Portal's Infinity Event logs

PhoneBoy — Tue, 17 Sep 2024 21:17:06 GMT

I wonder if "Logs" are being used where "Correlated Events" may be more appropriate.
If you open an individual log, do you see evidence of that?
There should be a counter inside the log card that reflects this.

topic Re: Mismatch in Infinity Portal's Infinity Event logs in Events

Mismatch in Infinity Portal's Infinity Event logs

Re: Mismatch in Infinity Portal's Infinity Event logs

Re: Mismatch in Infinity Portal's Infinity Event logs

Re: Mismatch in Infinity Portal's Infinity Event logs