New CloudGuard Log.ic feature: Activity Timeline
Log.ic now supports an activity timeline.
The activity timeline lists, in time order, the activities that were performed on the selected resources. Use it to investigate which actions were performed by the different users and resources in the account over the selected time period.
The timeline can be used in numerous scenarios. Here are some examples:
- Track the activity of a resource over time ("show me all the actions of a specific user/service").
- Track all actions that were performed on a resource over time (i.e. "who accessed/changed the configuration/data of the resource").
An investigation can be conducted following any type of alert, including alerts from the Dome9 Compliance Engine. The timeline can also be used alongside the Log.ic "network activity" module. For example, when a Dome9 Compliance alert reports that a resource has been exposed to the internet, the timeline can be used to track which user performed the action, which actions preceded the security group modification, and which actions were performed afterwards. The network activity module can then be used to track the traffic patterns that entered the VPC following the exposure.
To view the timeline, select a node in the "Account Activity" map.
Then select the "Timeline" tab in the information panel to the right.
Clicking an action opens a dialog that lets you use the action in the GSL that generates the view, or open the activity log.
The lower part of the information panel lets you filter by user agent.
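
The investigation flow described above (find who made the security group change, then list that identity's actions before and after it, optionally narrowed by user agent), as an added Python example that is not part of Log.ic or the original page. It assumes the activity records use AWS CloudTrail field names; every record, ARN and the security group ID below is constructed.

```python
import json
from datetime import datetime, timedelta

# Constructed sample data (assumption: CloudTrail-style records).
ALICE = "arn:aws:iam::111122223333:user/alice"
BOB = "arn:aws:iam::111122223333:user/bob"
SG = "sg-0a1b2c3d"

def rec(clock, name, arn, agent, params=None):
    """Build one constructed record with CloudTrail field names."""
    return {"eventTime": f"2019-03-01T{clock}Z", "eventName": name,
            "userIdentity": {"arn": arn}, "userAgent": agent,
            "requestParameters": params}

EVENTS = [
    rec("10:10:05", "RunInstances", ALICE, "aws-cli/1.16.100"),
    rec("09:58:12", "ConsoleLogin", ALICE, "Mozilla/5.0"),
    rec("10:02:30", "DescribeInstances", BOB, "aws-cli/1.16.100"),
    rec("10:03:40", "AuthorizeSecurityGroupIngress", ALICE, "Mozilla/5.0",
        {"groupId": SG, "cidrIp": "0.0.0.0/0"}),
    rec("10:01:00", "DescribeSecurityGroups", ALICE, "Mozilla/5.0"),
    rec("11:00:00", "CreateAccessKey", ALICE, "Mozilla/5.0"),
]

def when(event):
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def touches(event, resource_id):
    """True if the resource ID appears in the request parameters."""
    return resource_id in json.dumps(event.get("requestParameters") or {})

def investigate(events, resource_id, change_event,
                window=timedelta(minutes=30), user_agent=None):
    """Pivot on the change to resource_id; return the actor and the
    actor's actions inside the window before and after the change."""
    ordered = sorted(events, key=when)
    pivot = next((e for e in ordered if e["eventName"] == change_event
                  and touches(e, resource_id)), None)
    if pivot is None:
        return None  # no matching change in the record set
    actor, t0 = pivot["userIdentity"]["arn"], when(pivot)

    def keep(e):
        return (e["userIdentity"]["arn"] == actor
                and (user_agent is None or user_agent in e["userAgent"]))

    before = [e["eventName"] for e in ordered
              if keep(e) and t0 - window <= when(e) < t0]
    after = [e["eventName"] for e in ordered
             if keep(e) and t0 < when(e) <= t0 + window]
    return {"actor": actor, "before": before, "after": after}
```
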