Attachments

doc/4.0.0/Working With Finder/Organize/Categories/Understanding Categories

Contents

  1. Concept
  2. Highlights
  3. Examples
    1. Locations with mobile users
    2. Users in several countries and several departments

1. Concept

Categories provide the ability to tag NEXThink objects in order to create custom groups based on your own organization and processes. By using Categories, you can easily create investigations on specific groups, or create widgets with metrics grouped by categories.

2. Highlights

  • A Tag is defined as a [Category + Keyword] pair

  • The number of categories and the number of keywords per category is unlimited

  • Each object can have only one keyword per category

  • If no specific keyword is configured for an object, it is considered as empty

  • Tagging can be done manually with NEXThink Finder or automatically defined with auto-tagging rules

  • Auto-tagging is a persistent object property set in two specific situations - (1) as soon as a new object appears and (2) when the auto-tagging configuration is applied.

  • Tagging based on a CSV file is supported

3. Examples

Some simple examples of categories and keywords

Objects

Categories

Keywords

Sources

Location

Bern
Geneva
Lausanne
Lugano
Zurich

Users

Department

Backoffice
IT
Management
Marketing
Sales
Services

Applications

Packages

Master
Distribution
Manual
To analyze
Non-standard

Binaries

Threats

Malware
Vulnerable
Potential dangerous behavior
No threat

Destinations

Servers

Exchange Cluster
Active Directory
SAP Front-end
File Servers
Business Applications

3.1. Locations with mobile users

You want to create a category Location, and you have users in Paris, users in London and some mobile users working in London, in Paris and at home. A tag is unique per object. Since you are not allowed to configure multiple keywords from the same category to one object, choose the keywords to cover all the possible cases.

You can create three keywords (Paris, London and Mobile) and set for each computer the corresponding tag.

In Finder, the results will be the following:

  • categories_LocationsWithMobileUsers.png

In Portal, the results will be the following:

  • categories_LocationsWithMobileUsers_widget.png

3.2. Users in several countries and several departments

You have users in three countries, Switzerland, France and Spain and for each country, the same departments exists which are Sales, Services and Management.

If you want to create a widget (in Portal) with grouping by countries or by department, you can create one category Country with the three keywords Switzerland, Spain and France and one category Department with the three keywords Sales, Services and Management.

In Finder, the results will be the following:

  • categories_UsersByCountryDep1.png

In Portal, the results will be the following:

  • categories_UsersByCountryDep1_widget.png

If you want to create widgets with grouping by countries and by departments, you can create one category Country-Department with the nine keywords: CH-Sales, CH-Services, CH-Management, F-Sales, F-Services, F-Management, SP-Sales, SP-Services and SP-Management.

The result will be as follows in Finder.

  • categories_UsersByCountryDep2.png

The result will be as follows in Portal.

  • categories_UsersByCountryDep2_widget.png

last modified 2011-11-16 08:21:49