
Navigation

The Fluency Main menu can be accessed by selecting the "hamburger" menu icon at the top left-hand corner, next to the word Fluency.

This is the main method of navigation within the Fluency interface, and allows the user to quickly select and access the many different features of the Fluency SIEM / Platform.

Overview

Located in the upper left corner of the Menu, the Overview section contains pages that provide an overview and summary of your Fluency instance, as the name suggests.

  • Overview Summary is the primary entry point for Behavior Alerts. These are the alerts generated by the SIEM, based on the collected data.
  • Platform Summary provides an executive summary of Fluency Platform's key metrics and status. In contrast with the alert and data analysis oriented Overview page, Platform focuses on the data ingestion.
  • Dashboards is the home page for FPL reports. View existing report results here, or execute new "on-demand" report tasks.
  • Setup Review is there to provide basic configuration and information on the Fluency instance. Syslog settings and certificates can be viewed here.

Platform

Located below Overview, on the left menu column, the Platform section contains the pages related to Fluency Platform and its role in data ingestion.

  • Configuration is the starting point for Fluency Platform, and provides a "pipe" visualization of the current data ingress. New components can be added and configured from here.
  • Processors shows the current Fluency Programming Language (FPL) data processors/parsers in the system. These processors are used in Platform's router components. Additionally, FPL Actions and Rules are also found here.
  • Integrations shows new and existing integrations into Fluency Platform. These integrations allow Fluency to integrate (collect or send) data from/to other products.
  • Imported Devices shows a listing and status of imported devices by Platform. The entries and statistics are automatically generated from the data passing through the various processors.

Reports

The Reports page is the third section of the left menu column. This section contains all the Report and Task related pages. These Reports are created using FPL, and produce the results and entries shown in the Dashboards under Overview.

  • Report Scheduler shows all available FPL Report (templates) currently deployed. New report "tasks" can be run from a template directly, or configured on a "schedule". The outputs of these templates are the same as those shown under Dashboards.
  • Report Task Editor is the built-in editor for creating new FPL tasks / reports, and viewing their layout / results.
  • Task History shows the results of all prior FPL "task" executions. The entries are grouped by name, for clarity.
  • Recent Task Status is a timeline showing the current and recently executed tasks. This page is particularly useful for monitoring long-running FPL tasks and reports.

Metrics

Fluency Platform has built-in support for data ingestion Metrics collection. The final section on the left menu column was created to showcase these pages.

  • Metrics Alerts shows the metrics alerts generated by Platform. These new types of alerts are presented in a similar layout to the Overview Summary.
  • Notifications allows you to configure notifications for these alerts.
  • System Status shows the system / operational status of Fluency. The data for this page is collected from Platform's metrics.

Data Lake

At the top of the central left menu column is the Data Lake section. This is the main data section for Fluency SIEM.

  • Network Flows shows the collected or generated Network traffic data, while
  • Events Search shows all other data. These pages allow the user to search for and view all events collected and stored by Fluency.

EventWatch

The EventWatch section contains pages related to the alerts generated by the SIEM via the Fluency Behavior Rules.

  • Behavior Rules shows all the rules currently in Fluency. Rules can be custom / user created, or imported from Fluency's repository. These rules can also be disabled or enabled individually.
  • Behavior Timeline shows all the "notable events" generated by the Behavior Rules.
  • Behavior Summary shows the generated alerts. These entries also populate the Overview Summary page. The alerts are grouped daily "summaries" of Behavior Timeline events.

Data Tables

The Data Tables section contains all the user-modifiable tables used by EventWatch and other parts of Fluency.

  • Behavior Filter shows all "filters" currently deployed in the system. These filters are applied on a per-rule basis, and serve to allow the user to fine-tune the alerts generated by the Behavior Rules.
  • EntityInfo Lists contains all the "lookup" tables defined in the system. These tables can be user created, or imported from Fluency's repository.
  • Reputation Feeds are similar to EntityInfo Lists: these Reputation Feeds function as "lookup" tables in the system. Data from these feeds (external URLs) are downloaded / updated at specified intervals.
  • Search Facets contains all the search query facet "templates" used in the Data Lake pages. These facets can be user created (from the Flows/Event searches page directly), or imported from Fluency's repository.

Query

Hidden by default, the final section of the left central menu column contains the FPL (v1) pages, which exist here to show the results of tasks and reports still run on the legacy system.

  • Dashboards shows the legacy FPL (v1) dashboards.
  • Reports is the legacy Report Scheduler page.
  • Sandbox is the FPL (v1) "Task Editor" page, while
  • History is the legacy "Task History" page.

Resources

This section shows data tables from configured "Resource" integrations. Resource integrations do not always correspond to a data source.

Configuration

The bottom section of the central left column contains pages that relate to system configurations. Many non-data related settings and options are configured here.

User Admin

The top section on the right column is the User Administration section. Pages in this section allow for the management of users accessing Fluency. Additionally, API tokens are created here.

Legacy

Legacy (and rarely used) features such as "Flows Summary", "Recents" and "Metaflow Risk" have been removed or hidden under the Legacy sections.

Page last updated: 2024 Apr 20