Working with Activity Watchers

The Activity Watchers screen is where you create and manage your Activity Watchers. It's important to remember that Watcher does the following:

  • Monitors in real time to detect activity.

  • Based on Activity Watchers (queries) you set up, it creates Activities.

Expand a section for more information:

1. From the left menu, click Sensitive Data Watcher.

2. Click Activity Watchers.

3. Activity Watchers are displayed in a table with the following information:

  • Activity Watcher Name: Name assigned to the Activity Watcher
  • Severity Level:
    • Levels 1-10
    • Severity Group
      • Red: High
      • Orange: Medium
      • Blue: Low
  • Description: Hover over the link to view the full description.
  • Composition: Hover over the link to view the linked Target.
  • Deploy: Status of deployment.
  • More options

4. Click a column to sort ascending.

5. Click the column again to sort descending.

1. You can search for Activity Watchers by:

  • Name
  • Description
  • Composition
  • Deploy Status

2. Type the search query in the box and the results are sorted and displayed in the table below.

3. Click the x to clear the search term.

To add a new Activity Watcher:

1. In the top right of the screen, click Actions.

2. Select Add Activity Watcher from the drop-down list.

3. On the Basic Information tab, fill in the following:

a. Activity Watcher Name: Type the Activity Watcher name.

b. Activity Watcher Description: Type an Activity Watcher description.

c. Severity: Use the slider to set the severity level.

4. Click Next.

5. On the Query tab, do one of the following:

a. Search Queries to Add: Type a search term in the box and any matching queries are displayed in the Query list to Add.

b. Add a Query: To add a query, see Add a Query for more information.

6. On the Summary tab, review all the information.

7. Click Finish and Save else click on a section or click Previous to edit the changes.

To export the definition list:

1. In the top right of the screen, click Actions.

2. Click Export.

3. The definition file is exported to your local computer.

To manage an Activity Watcher:

1. Locate an Activity Watcher in the Activity Watchers table.

2. In the far right column, click the more actions menu .

3. Select Manage Activity Watcher from the drop-down list.

4. On the Manage Activity Watcher screen you can edit the information in the following tabs:

  • Basic Information
  • Query
  • Summary

Note: See Add a New Activity Watcher for more information.

5. Click Finish & Save on the Summary tab to save changes or Exit Without Saving to discard the changes.

To add a query:

1. From the New Activity Watcher or Manage Activity Watcher screen, go to the Query tab.

2. Click Add Query.

3. On the Add New Query screen, fill in the following:

c. Query Logic: Type the query logic.

d. Title: Type the query title.

e. Category: Select the query category from the drop-down list.

f. Custom Category: Type a new query category. Click + to display the newly added category to the Category field.

g. Severity: Use the slider to set the severity level.

h. Description: Type the query description.

4. Click Confirm to save or Cancel to discard the changes.

To edit a query:

1. From the New Activity Watcher or Manage Activity Watcher screen, go to the Query tab.

2. Locate the query in the query table.

3. In the far right corner, click the more options menu.

4. Click Edit Query.

5. On the Edit Query screen, make needed changes.

6. Click Confirm to save changes or Cancel to discard.

To delete a Query:

1. From the New Activity Watcher or Manage Activity Watcher screen, go to the Query tab.

2. Locate a query in the Query List table.

3. In the far right column, click the more actions menu.

4. Click Delete Query.

5. Click Confirm to delete the query or Cancel to discard.