{% extends "base.html" %} {% block title %}Event Details - {{ log.id }}{% endblock %} {% block content %}
Back to Flagged Events
Live Analysis
Security Event Monitor

Event Analysis

Comprehensive security event investigation

{# Page header: event identity (log.id, log_type) followed by the headline risk score and level. #}
Event ID: {{ log.id }} {{ log_type|capitalize }} Log
Risk Assessment
{# NOTE(review): when risk_score is None this prints a fixed 75, and when risk_level is empty it prints HIGH. Both are display fallbacks, not computed values; confirm analysts are meant to read them as a real assessment. #}
{{ risk_score if risk_score is not none else 75 }}%
{{ risk_level|upper if risk_level else 'HIGH' }}
{# Matched Sigma rules: one entry per item in matching_rules, or a "no match" notice when the list is empty or missing. #}
{% if matching_rules %}

Matched Sigma Rules

{{ matching_rules|length }} Active Detections
{% for rule in matching_rules %}

{# Rule metadata (title, level, id, description, author, date, tags, status) is printed through ordinary expression output. #}
{# NOTE(review): presumably these fields come from Sigma rule files; if rules can be loaded from third-party sources, treat the text as untrusted and keep it escaped, never marked safe. #}
{{ rule.title }}

{{ rule.level|upper }}
Detection ID {{ rule.id }}
{% if rule.description %}
Description

{# Show at most the first 180 characters and add an ellipsis only when something was cut. #}
{{ rule.description[:180] }}{% if rule.description|length > 180 %}...{% endif %}

{% endif %}
{% if rule.author %}
Author {{ rule.author }}
{% endif %} {% if rule.date %}
Date {{ rule.date }}
{% endif %}
{% if rule.tags %}
{# First four tags are listed; the remaining count is shown as a number followed by "more". #}
{% for tag in rule.tags[:4] %} {{ tag }} {% endfor %} {% if rule.tags|length > 4 %} {{ rule.tags|length - 4 }} more {% endif %}
{% endif %} {% if rule.status %}
Status {{ rule.status }}
{% endif %}
{% endfor %}
{% else %}

{# NOTE(review): this branch only knows that no Sigma rule matched. The "routine activity" wording below is a conclusion drawn from missing detections, and it can sit next to a high score in the header; confirm the message is appropriate for events reached from the flagged list. #}
No Sigma Rules Matched

This event did not trigger any Sigma detection rules

The event appears to be routine activity
{% endif %}

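{# Core event fields. Each value falls back to N/A so a missing attribute is never printed as the literal text None. #}
Event Information

Event Type
{{ log_type|capitalize }}
Event ID
{# The hash prefix is attached only when an id exists, so the empty case reads N/A rather than a hash followed by N/A. #}
{{ ('#' ~ log.event_id) if log.event_id else 'N/A' }}
Timestamp
{{ log.time_created.strftime('%Y-%m-%d %H:%M:%S') if log.time_created else 'N/A' }}
{# Host and account names are read from the log record, so they are reported by the monitored machine. They go through ordinary expression output and must not be marked safe. #}
Computer System {{ log.computer if log.computer else 'N/A' }}
{# Security logs prefer the subject user, then the target user; every other log type uses log.user. #}
User Account {% if log_type == 'security' %} {{ log.subject_user_name if log.subject_user_name else log.target_user_name if log.target_user_name else 'N/A' }} {% else %} {{ log.user if log.user else 'N/A' }} {% endif %}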
{# Type-specific details: process fields for Sysmon events, account fields for Security events. Other log types render nothing here. #}
{% if log_type == 'sysmon' %}

Sysmon Process Details

{# Image path, process id and command line are recorded on the monitored host, so their content is controlled by whatever ran there. #}
{# NOTE(review): this relies on template autoescaping being enabled for this file; confirm it is, and do not mark these values safe or place them inside script or attribute contexts unescaped. #}
{% if log.image %}
Process Image

{{ log.image }}

{% endif %} {% if log.process_id %}
Process ID

{{ log.process_id }}

{% endif %} {% if log.command_line %}
Command Line

{{ log.command_line }}

{% endif %}
{% elif log_type == 'security' %}

Security Event Details

{# Account and domain names also originate from the log record and get the same escaped output. #}
{% if log.target_user_name %}
Target User

{{ log.target_user_name }}

{% endif %} {% if log.subject_domain_name %}
Domain

{{ log.subject_domain_name }}

{% endif %}
{% endif %}

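{# Risk summary figures followed by the list of individual risk factors. #}
Risk Analysis

{# Uses the same None fallback as the header figure, so a missing score no longer prints as None followed by a percent sign and the two figures always agree. The 75 is a display default, not a computed score. #}
{{ risk_score if risk_score is not none else 75 }}%
Overall Risk
{{ risk_factors|length if risk_factors else 0 }}
Risk Factors
{{ matching_rules|length if matching_rules else 0 }}
Rules Matched
{# NOTE(review): this figure is labelled Event Type but shows the Sysmon event id, or a literal 1 for every other log type; confirm the intended value. #}
{% if log_type == 'sysmon' %}{{ log.event_id or 'N/A' }}{% else %}1{% endif %}
Event Type
{% if risk_factors %}

Identified Risk Factors:

{% for factor in risk_factors %}
{# A factor with a truthy type attribute prints that type; anything else is printed as-is. #}
{{ factor.type if factor.type else factor }}
{% if factor.description %}
{{ factor.description }}
{% endif %}
{% endfor %}
{% endif %}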

{# Navigation shortcuts. The per-host shortcut is offered only for Sysmon events that carry a computer name. #}
Quick Actions

View All Events
{% if log_type == 'sysmon' and log.computer %}
{# NOTE(review): the link target is not visible in this view. If log.computer is placed in a URL, build it with the framework's URL helper or the urlencode filter so a crafted host name cannot alter the query string. #}
Events from System {{ log.computer }}
{% endif %}

Raw Log Data

{% endblock %}