Viewing Event Details
When events are dragged into the Object Details Viewer, the widget changes to the event details viewer displaying the most recent version of whatever event is dragged into it.
A Collections tab containing a count of all collections the event is linked to, as well as a link to those collections.
Event Detail Data Fields
The widget displays the information available on the event based on the data type of each data field.
Type of Data | Description |
---|---|
Risk Level | Adds the most recent risk_score value color-coded according to severity. |
Text / Boolean / Float / Integer / IP / Unique ID | Displays strings of the selected type. |
Arrays | Any array is rendered as text strings where each entry is separated with line breaks. |
Timestamps | Date time fields rendered in the viewer's local timezone. |
Geo Data | Geo-data, whether coordinates or polygons, is displayed in a small preview map. |
URL | URLs are displayed as clickable links that navigate to the URL using your computer's web browser. |
Note
The widget enforces a maximum height for long fields (such as strings or arrays). At the right of the field, use the scroll box to review any obscured data.
Seeing [object Object] appear for a field indicates that the event data is supplied to Workstation in an unsupported format. In this situation, contact the modeler of the data to correct the formatting.
Lexicon Matches
If lexicons
were created in Authoring, fields of text containing matches will be highlighted in yellow.
Using Event Detail Templates
Event detail templates alter the display and layout of an event's fields to emphasize specific data that is most relevant to analysis. Event detail templates are selectable by template name, and used when an event is loaded into Object Details Viewer.
To select an event detail template:
- From a working view at the top right of event details viewer, click the three dot menu (⋮). A context menu opens.
- Hover over Templates to open a new context menu containing a list of event detail templates.
- Click the event detail template desired. Object Details Viewer changes to reflect the selected template. Alternatively, select None to return the event details viewer to its default state.
Note
The Object Details Viewer remembers that a template was selected if additional events are dragged in. This memory persists until the view is reloaded, or if the user clears the Object Details Viewer.
Manual Actions
Specific events can be flagged with a manual action selected from an event type's list of available actions. Modelers configure this list in the Cogynt Authoring application.
Tip
Your Cogynt modeler can help determine whether there is a custom workflow designed for comments.
Manual actions send messages to Kafka via the _cogynt_manual_actions
topic. Executed manual actions are read in Authoring and further update the corresponding event based on a defined logic.
Examples of updates include:
- Changing the risk score.
- Deleting the event.
- Modifying a value for a field.
To conduct manual action:
- Enable manual actions for the event type in Authoring and drag the desired event into the Object Details Viewer.
- From a working view at the top right of event details viewer, click the three dot menu (⋮) and select Manual Actions.
- In the Manual Actions menu, select the desired action. Optionally, provide a comment.
- Click Ok to confirm the manual action, or Cancel to discard the changes.
Note
Any updates to the event after a manual action has been performed require the user to reload the view to see any updates (or deletions) to the event.