Search another article?
Multiclass Analysis
The Multiclass Analysis is usefull when you need to show a subset of the collected information. In this tool you can use regex to filter the different information.
Requirements:
- SGBox Version 4.2.1.
Examples:
- You need show all the user that starts with admin_
- You need to exclude temporary files
- You need to filter specific events or categories
After the information are collected and shown in Class/Pattern Analysis, you can go on LM > Configuration > Multi-class Analysis.
Select the interested Classes, hosts, Patterns and at the end the apply your filter:
in the previous example we have:
- Filtered the HttpURL that ends with / in order to identify the page name
- Excluded all the HTTPUser-agent that have the word bot or crawler
You can save your search as Template or produce a report directly from here.
You can also create a dashboard on the filtered values: from SCM > Dashboard > Dashboard. Select Dashboard > Create New Dashboard > New Widget then Multiclass Analysis from the provided menu.
Select the saved Template to create the dashboard:
