Viewing Event Details
When events are dragged into the Object Details Viewer, the widget changes to display the most recently available data from the event. At the top of the widget, a header displays:
- The event by its event title.
- The event type by its name.
- The Cogynt generated ID for the event.
- A timestamp of the event's last update.
Each event also includes tabs for Events, Collections, Drilldown, and Attachments.
Attachments to events originate from patterns created in Cogynt Authoring, and the Attachments tab is only visible when attachments are available.
The Collections tab includes a list of all collections the event is linked to, and a link to those collections. Drilldown visualizes an event's provenance when available. It represents the underlying patterns that explain the why and how of the event's creation.
Users have flexibility in how and where an item from the Events Explorer or Collections widget is sent. From any event in the Events Explorer widget, either click the eye icon or use the more menu icon ⋮ and select from:
- Send to Object Details Viewer
- Open in new viewer widget
- Send to another View
The eye icon will send the event to either the only opened Object Details Viewer, or to a selection from all opened Object Details Viewer widgets.
Edit the name of any Object Details Viewer widget to distinguish them when working with many widgets. From the top left of any Object Details Viewer widget, click the widget's name. Enter the replacement name and either press ENTER on the keyboard or click the checkmark to change its name.
When an item is cleared or replaced, it is not lost or deleted and can be found again in either the Events Explorer or Collections widgets.
Event Detail Data Fields
The widget displays the information available on the event based on the data type of each data field.
| Type of Data | Description |
|---|---|
| Risk Level | Adds the most recent risk_score value color-coded according to severity. |
| Text / Boolean / Float / Integer / IP / Unique ID | Displays strings of the selected type. |
| Arrays | Any array is rendered as text strings where each entry is separated with line breaks. |
| Timestamps | Date time fields rendered in the viewer's local timezone. |
| Geo Data | Geo-data, whether coordinates or polygons, is displayed in a small preview map. |
| URL | URLs are displayed as clickable links that navigate to the URL using your computer's web browser. |
The widget enforces a maximum height for long fields (such as strings or arrays). At the right of the field, use the scroll box to review any obscured data.
Seeing [object Object] appear for a field indicates that the event data is supplied to Workstation in an unsupported format. In this situation, contact the modeler of the data to correct the formatting.
Lexicon Matches
If lexicons were created in Authoring, fields of text containing matches will be highlighted in yellow.
Using Event Templates
Event templates alter the display and layout of an event's fields to emphasize specific data that is most relevant to analysis. Event templates are selectable by template name, and used when an event is loaded into Object Details Viewer.
To select an event template:
- From a workspace containing Object Details Viewer, drag an event from the Events Explorer into Object Details Viewer. The widget becomes Event Details Viewer.
- From the Event Details Viewer Widget, locate the Details Template dropdown menu.
- Select the desired template from the dropdown menu. The event changes to match the selected template's layout. Or select None to return the event details viewer to its default state.
The Object Details Viewer remembers which template was selected for a specific event type event when other events are dragged into it. This memory persists until the workspace is reloaded, or if the user clears the Object Details Viewer.
Manual Actions
Specific events can be flagged with a manual action selected from an event type's list of available actions. Modelers configure this list in the Cogynt Authoring application.
Your Cogynt modeler can help decide whether there is a custom workflow designed for comments.
Manual actions send messages to Kafka via the _cogynt_manual_actions topic. Executed manual actions are read in Authoring and further update the corresponding event based on a defined logic.
Examples of updates include:
- Changing the risk score.
- Deleting the event.
- Modifying a value for a field.
Once manual actions for the event type in Authoring are enabled, conduct manual actions as follows:
- Drag the desired event into the Object Details Viewer.
- From the top right of Event Details Viewer, click the More menu (⋮) and select Manual Actions.
- In the Manual Actions menu, select the desired action. Optionally, enter a comment.
- Click Ok to confirm the manual action, or Cancel to discard the changes.
Any updates to the event after a manual action has been performed require the user to reload the workspace to see any updates (or deletions) to the event.