btkarp
Level 9
Message 1 of 7

Blue Line in Event View?

Can someone please explain to me what this blue line is showing? Is it showing me events that are being logged at a future timestamp, or is it showing me what the trend will look like in the future? I cannot seem to find any documentation as to what it is. Thanks!

blueline_siem2.JPG

blueline_siem.JPG

6 Replies
McAfee Employee andy777
Message 2 of 7

Re: Blue Line in Event View?

That blue line is showing you the average baseline using the past 5 increments of x time frame that you're looking at.

For instance, if you're looking at a month's worth of data, it will calculate the baseline on the past 5 months of data.

For current day it would be the previous 5 "Mondays". For 24 hours it would be the past 5 days.

feeeds
Level 9
Message 3 of 7

Re: Blue Line in Event View?

Since my question is somewhat related to baselines, I will ask it here: We have reports that show total log volume per data source for ESM. Can we add a baseline overlay to this report so that it's easy to see if firewall logs jumped up in count or were lower than the average for the week?

thanks,

McAfee Employee andy777
Message 4 of 7

Re: Blue Line in Event View?

Yes, definitely. The role of the baseline is to indicate a change in pattern over a period of time. Event rate is a great use case, but there is no shortage of scenarios that could be improved by adding baseline deviation.


For instance, you can leverage dynamic baselines with static correlation rules to provide more context/relevance.
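
A sketch of the comparison discussed in the replies above, as an added example that is not from the original posts and is not ESM's own code: it averages the previous 5 increments per data source, as Message 2 describes, and flags a current count that strays from that baseline. The sample counts, the 30% threshold and the function names are constructed for illustration.

```python
from statistics import mean

WINDOW = 5        # "past 5 increments" from the reply above
THRESHOLD = 0.30  # assumed: flag counts more than 30% off the baseline

# Constructed sample: event counts per data source, one value per increment
# of the viewed time frame, oldest first. The last value is the current one.
SAMPLE_COUNTS = {
    "firewall": [10200, 9800, 10100, 9900, 10000, 16500],
    "proxy": [4000, 4200, 3900, 4100, 4300, 4150],
    "dns": [7000, 7100, 6900, 7200, 6800, 2100],
    "new-sensor": [300, 320, 310],  # too little history for a baseline
}


def baseline(history, window=WINDOW):
    """Mean of the last `window` increments, or None if history is short."""
    if len(history) < window:
        return None
    return mean(history[-window:])


def deviation_report(counts, window=WINDOW, threshold=THRESHOLD):
    """Compare each source's current count with its own baseline."""
    report = {}
    for source, series in counts.items():
        *history, current = series
        base = baseline(history, window)
        if base is None:
            report[source] = {"baseline": None, "change": None, "status": "no-baseline"}
            continue
        if base == 0:
            # No traffic in the baseline: any events at all are a jump.
            change = float("inf") if current else 0.0
        else:
            change = (current - base) / base
        if change > threshold:
            status = "above"
        elif change < -threshold:
            status = "below"
        else:
            status = "normal"
        report[source] = {"baseline": base, "change": change, "status": status}
    return report


if __name__ == "__main__":
    for source, row in deviation_report(SAMPLE_COUNTS).items():
        print(source, row)
```

A source that goes quiet ("below") is as worth a look as one that spikes, since a drop in log volume can mean a collector or data source has stopped reporting.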

feeeds
Level 9
Message 5 of 7

Re: Blue Line in Event View?

I don't see the ability to add baselines to reports. Does this feature only exist in certain reports? I see it and use it with event summary graphs on the main display pages, but I'm not able to find the same setting in reports.

McAfee Employee andy777
Message 6 of 7

Re: Blue Line in Event View?

You're able to use a view as a report.

view-report.PNG

feeeds
Level 9
Message 7 of 7

Re: Blue Line in Event View?

Well, that makes things much easier... I had never messed with View PDF before, so I never saw that option.

Thanks very much!!
