Viewing Event Details
A single event can be viewed two ways:
- Open the event in its own browser tab.
- On a Workspace, drag an event or send an event to any Object Details Viewer widget.
The eye icon sends the event to either the only opened Object Details Viewer, or to a selection from all opened Object Details Viewer widgets.
Viewing Event Data
When viewing a single event, the following tabs may appear.
Events Tab
The Events tab shows the data available on the event. Data fields may display differently depending on their field type.
Event Detail Data Fields
The widget displays the information available on the event based on the data type of each data field.
| Type of Data | Description |
|---|---|
| Risk Level | Adds the most recent risk_score value color-coded according to severity. |
| Text / Boolean / Float / Integer / IP / Unique ID | Displays strings of the selected type. |
| Arrays | Any array is rendered as text strings where each entry is separated with line breaks. |
| Timestamps | Date time fields rendered in the viewer's local timezone. |
| Geo Data | Geo-data, whether coordinates or polygons, is displayed in a small preview map. |
| URL | URLs are displayed as clickable links that navigate to the URL using your computer's web browser. |
| JSON | JSON objects and array of JSON objects Displayed as an expand/collapsible JSON object with the ability to copy the entire object or specific levels |
The widget enforces a maximum height for long fields (such as strings or arrays). At the right of the field, use the scroll box to review any obscured data.
If [object Object] appears for a field, the event data has been supplied to Workstation in an unsupported format. Contact the modeler of the data to correct the formatting.
Using Event Templates
Event templates alter the display and layout of an event's fields to emphasize the most relevant data. Event templates are selectable by template name, and used when an event is loaded into Object Details Viewer.
To select an event template:
- From a workspace containing Object Details Viewer, drag an event from the Events Explorer into Object Details Viewer. The widget becomes Event Details Viewer.
- From the Event Details Viewer Widget, locate the Details Template dropdown menu.
- Select the desired template from the dropdown menu. The event changes to match the selected template's layout. Alternatively, select None to return the event details viewer to its default state.
The Object Details Viewer remembers which template was selected for a specific event type event when other events are dragged into it. This memory persists until the workspace is reloaded, or if the user clears the Object Details Viewer.
Lexicon Matches
If lexicons were created in Authoring, fields of text containing matches are highlighted in yellow.
Collections Tab
The Collections tab enables you to link an event to any collection. It also displays any collection the event may already be associated with.
To add the event to a collection, click Add to Collection.
Drilldown Tab
Drilldown visualizes an event's provenance when available. It represents the underlying patterns that explain the why and how of the event's creation.
The Drilldown tab only displays data if:
- Provenance was enabled on the Authoring pattern that produced the event.
- Data is available.
Link Analysis Tab
The Link Analysis tab displays the link chart for this event. For more information, see Link Analyis.
The Link Analysis tab only appears if the event is known to be an entity or linkage type, as defined by a modeler on the event's configuration in Authoring.
Map Tab
An event may have infinite fields that represent geographic data, including geo points, polygons, or an array of points and polygons. The Map tab plots up to 20 geo fields for the event on a single map at a time. The data is color coordinated so that features belonging to a specific field share the same color.
Geographically close geo points will cluster as you zoom further in and show individual points as you zoom out.
The Filter menu serves as a legend to see which fields correlate to which colors. It also allows toggling specific geo fields on or off.
The Map tab does not appear if there is no geo data present on any of the event's fields.
Attachments Tab
The Attachments tab displays any attachments that are linked to the event.
When an attached item is cleared or replaced, it is not lost or deleted, and can be found again in either the Events Explorer or Collections widgets.
Previewing Attached Files
Previewable files can be left-clicked to view the file in the browser.
Downloading Attached Files
Files can be downloaded individually, or all files can be downloaded at once as a .zip file.
To download an individual file:
- In the attachments table, locate the desired file.
- On the right side of the corresponding row, click the Download button.
To download all attached files at once, click the Download button at the top-right of the attachments table.
Attachments to events originate from patterns created in Cogynt Authoring, and the Attachments tab is only visible when attachments are available.
Actions
The Options menu at the upper-right of the event viewer provides several actions that can be taken on the event.
Manual Actions
Specific events can be flagged with a manual action selected from an event type's list of available actions. Modelers configure this list in the Cogynt Authoring application.
Your Cogynt modeler can help decide whether there is a custom workflow designed for comments.
Manual actions send messages to Kafka via the _cogynt_manual_actions topic. Executed manual actions are read in Authoring and further update the corresponding event based on a defined logic.
Examples of manual action updates include:
- Changing the risk score.
- Deleting the event.
- Modifying a value for a field.
Once manual actions for the event type in Authoring are enabled, initiate manual actions as follows:
- Drag the desired event into the Object Details Viewer.
- From the top right of Event Details Viewer, click the More (⋮) menu and select Manual Actions.
- In the Manual Actions menu, select the desired action. Optionally, enter a comment.
- Click Ok to confirm the manual action, or Cancel to discard the changes.
Any updates to the event after a manual action has been performed require the user to reload the workspace to see any updates (or deletions) to the event.
Add to Collection
A modal opens to Add to Collection.
To search an existing collection:
- At the top left, click the Search field and enter the collection's name.
- At the right side of the collection, click Add.
To create a new collection and add the event to that new collection:
- At the top right side, click + Collection. The modal changes to the Create a New Collection Screen.
- Enter a Title for the collection, and select a Priority and Status.
- Click Create to create the collection. The event will automatically be added to the newly created collection.
Open in New Browser Tab
Opens this event in a new browser tab.
Copy Link
- Click Copy Link to copy a permalink to this event. When opened, the link loads the event in its own browser tab.
- Hover over Copy Link to open a submenu that lets you copy a link directly to a specific event tab.
Export
Exports the event to a DOC template. For more information, see Using Report Builder.
The Export to a DOCX Template selection requires the user to have permissions to Workstation: Report Builder, and is used to test a DOCX template. We recommend building an advanced report using Report Builder after validating the test export.