Skip to main content
Version: 2.15.X

Cogynt Workstation Setup Guide

The Cogynt Workstation setup guide covers the initial usage of Workstation, and is organized into these basic steps:

  1. Ingest data into Workstation.
  2. Verify data ingestion occurred.

About This Guide

This guide assumes you have met the prerequisites for using Workstation, and logged into your Cogynt Workstation URL with these minimum permissions:

  • Ingest: Edit
  • Notification Settings: Edit.

This guide also assumes your role is one of the following:

  • Individuals responsible for the configuration and global administration of Workstation
  • Intelligence / Threat / Data Analysts

Ingesting Data Into Workstation

Analysts can only work with data once that data has been ingested. Each event listed includes all event decorations associated with the event, and the number of Records to be ingested.

To ingest data:

  1. At the top right of Cogynt Workstation's home page, click the Settings cog.
  2. From the left side drawer, click Data Ingestion. This is the default selection when clicking the Settings cog from the Workstation homepage.
  3. Locate the data stream of records to be ingested. Use the search function on the upper left side if necessary.
  4. To the right side of the data stream, click the More menu (), then click Run. The Status of the data stream will change to Running.

After your data is ingested, you can create workspaces and use widgets to analyze it.

Optionally, configure tags to help organize events, or customize event notifications to raise awareness of events within a specific risk_score.

Filtering Ingested Data

Use the Data Ingestion table to filter by Ingestion Status, Project the event belongs to, the Event Types, or search for a keyword within the event's title.

Once data is ingested, you are ready to create a workspace and manage your data collections. To unlock Workstation's full potential, we recommend you customize event decorations.

Verifying Data Ingestion

Once data is ingested, it begins to populate the event stream. If certain events are not visible, verify those events have been ingested into Workstation and are not experiencing any issues.

To confirm Cogynt Workstation is ingesting data and ready for analyst work:

  1. At the top right of Cogynt Workstation's home page, click the Settings cog.
  2. From the left side drawer, click Data Ingestion. This is the default selection when clicking the Settings cog from the Workstation homepage.
  3. In the Data Ingestion table, locate the Event Type to check status.
  4. In the Status column, note the color associated with your event type.
    • Generally, it should be possible to view events that are in Running or Suspended states.

An event can have any of the following Ingestion Statuses:

StatusColorDescription
InactiveGrayThis event type has not been ingested.
RunningGreenThis event type is actively being ingested into Workstation from Kafka
Topic Does Not ExistRedThe Kafka topic that this event type is consumed from can no longer be found (the Kafka topic was possibly deleted).