Multiclass Analysis

The Multiclass Analysis is usefull when you need to show a subset of the collected information. In this tool you can use regex to filter the different information. Following the release of version 6.0.0 please go to the link: https://www.sgbox.eu/en/knowledge-base/the-custom-report-panel-functionalities-and-usage/

Requirements:

• SGBox Version 4.2.1.

Examples:

• You need show all the user that starts with admin_
• You need to exclude temporary files
• You need to filter specific events or categories

After the information are collected and shown in Class/Pattern Analysis, you can go on LM > Configuration > Multi-class Analysis.

Select the interested Classes, hosts, Patterns and at the end the apply your filter:

in the previous example we have:

• Filtered the HttpURL that ends with / in order to identify the page name
• Excluded all the HTTPUser-agent that have the word bot or crawler

You can save your search as Template or produce a report directly from here.

You can also create a dashboard on the filtered values: from SCM > Dashboard > Dashboard. Select Dashboard > Create New Dashboard > New Widget then Multiclass Analysis from the provided menu.

Select the saved Template to create the dashboard: