Data Review / Workflow
Table of contents
- Summary
- Behavior summary
- Behavior timeline
- Flow/event search
Investigating a Behavior Alert
Global Summary
Behavior Summary
Behavior Timeline