Cogynt Workstation Setup Guide
The Cogynt Workstation setup guide covers the initial usage of Workstation, and is organized into these basic steps:
About This Guide
This guide assumes you have met the prerequisites for using Workstation, and logged into your Cogynt Workstation URL with these minimum permissions:
- Workstation: Ingest: Edit.
- Workstation: Notification Settings: Edit.
This guide also assumes your role is one of the following:
- Individuals responsible for the configuration and global administration of Workstation
- Intelligence / Threat / Data Analysts
Ingesting Data Into Workstation
Analysts can only work with data once that data has been ingested. Unless an event history is present for the deployment, users will only see a column and option to ingest event data.
Each event listed includes all event decorations associated with the event, and the number of Records to be ingested.
To ingest data:
- At the top right of Cogynt Workstation's home page, click the Settings cog.
- From the left side drawer, click Data Ingestion. This is the default selection when clicking the Settings cog from the Workstation homepage.
- Locate the data stream of records to be ingested. Use the search function on the upper left side if necessary.
- To the right side of the data stream, click the More menu (⋮). The next steps change depending on the actions taken.
- For event data:
- Click Run. The Status of the data stream in the Ingestion Status column will change to Running.
- Click Stop. The Status of the data stream in the Ingestion Status column will change to Inactive.
- For event history data:
- Click Enable Event History. The status of the data stream in the Event History column will change to Running.
- Click Disable Event History. The status of the data stream in the Event History column will change to Disabled.
- For event data:
After your data is ingested, you can create workspaces and use widgets to analyze it.
Optionally, configure tags to help organize events, or customize event notifications to raise awareness of events within a specific risk_score.
Filtering Ingested Data
Use the Data Ingestion table to filter by Ingestion Status, Project the event belongs to, the Event Types, or search for a keyword within the event's title.
Once data is ingested, you are ready to create a workspace and manage your data collections. To unlock Workstation's full potential, we recommend you customize event decorations.
Verifying Data Ingestion
Once data is ingested, it begins to populate the event stream. If certain events are not visible, verify those events have been ingested into Workstation and are not experiencing any issues.
To confirm Cogynt Workstation is ingesting data and ready for analyst work:
- At the top right of Cogynt Workstation's home page, click the Settings cog.
- From the left side drawer, click Data Ingestion. This is the default selection when clicking the Settings cog from the Workstation homepage.
- In the Data Ingestion table, locate the Event Type to check status.
- In the Status column, note the color associated with your event type.
- Events that are in Running or Suspended states are viewable.
An event can have any of the following Ingestion Statuses:
| Status | Color | Description |
|---|---|---|
| Inactive | Gray | This event type has not been ingested. |
| Running | Green | This event type is actively being ingested into Workstation from Kafka |
| Topic Does Not Exist | Red | The Kafka topic that this event type is consumed from can no longer be found (the Kafka topic was possibly deleted). |