• Introduction To Comodo NxSIEM
  • Logging-in To The Administrative Console
• The Main Interface
• The Dashboard
• Customer Asset Management
  • Adding Customers
  • Adding Assets For Monitoring
    • Hard Assets
    • Soft Assets
  • Downloading And Installing The NxSIEM Agent On Endpoints
  • Configuring Nxlog And Rsyslog Servers To Send Logs To NxSIEM Server
  • Editing Customers
• Log Collection Agents And Policies
  • Collection Agents
    • Downloading NxSIEM Windows And Linux Agents
    • Managing Agents
    • Agentless Log Collection
  • Log Collection Policies
    • Audit Events Policy
    • Flat File Policy
    • Remote Log Collection Policy
    • Syslog Policy
    • Configuring Log Collection Policies
• Query Management
  • Configuring Event Queries
  • Configuring Custom Dashboards
• Managing Rules
• Incidents And Cases
  • Managing Incidents
  • Managing Cases
• Live Lists
  • Managing Live Lists
  • Managing Live List Content
• Managing Reports
• Administration
  • Viewing Log Collection Summaries
  • Managing Users
  • Viewing License And Subscription Details And Configuring NxSIEM Platform URL
• Appendix 1 – Field Groups And Event Items Description
• Appendix 2 - Configuring Endpoints To Forward Logs To NxSIEM Server
• About Comodo Security Solutions

The Main Interface

The Administrative Console is the nerve center of Comodo NxSIEM, allowing administrators to add customers, enroll networks and endpoints, create polices for collecting different kinds of logs and more.

Once logged-in, the title bar displays the administrator's 'Usename', region and language, the number of incidents, and options to change the administrator's profile settings and password. The main configuration area is displayed depending on the option chosen from the drop-down, that appears on clicking the menu button at the top right. The following table explains the elements in the title bar.

	Displays the username of the currently logged-in administrator
	Displays the location, language and time zone settings as per the currently logged-in administrator.
	Displays the number of incidents detected. Clicking on the notification icon opens the Incident Management interface that allows the administrator to view the list of incidents from all the customers, assign them to respective administrative users, create cases and assign them to administrative users. Refer to the section Incidents and Cases for more details.
	Clicking this icon allows you to change your current password and log out of the MSSP platform. Refer to 'Changing Password' about how to change your log-in password.
	Operational Feeds button – Clicking this button displays the batch operations that were completed and currently running, for example, customer creation and so on.
	Navigational Menu button – Clicking this button allows administrators to navigate to the required main functional areas of the console: Dashboard, Assets, Agents, Investigation, Rules, Incidents, Live Lists, Reporting and Administration.

Main Functional Areas

• Dashboard – Allows the administrator to view graphical summary of occurred events, top detected applications, most active agents, attack sources, firewall event sources and more. Refer to the section 'The Dashboard' for more details.

• Agents- Allows the administrator to download MSSP agent for Windows and Linux, manage the agents that are installed on systems, create polices for the purpose of collecting various kinds of logs from devices, systems and more. Refer to the section 'Log Collection Agents and Policies' for more details.

• Investigation – Allows the administrator to create event queries and display the results from event queries in pie charts, bar charts and spider charts. Refer to the section 'Query Management' for more details.

• Rules – Create rules for analyzing the processed logs and to provide alerts for certain conditions. Refer to the section 'Managing Monitoring Rules' for more details.

• Incident - Allows the administrator to manage incidents, both Correlated Incidents and Default Incidents, assign/reassign incidents to users. Refer to the section 'Managing Incidents' for more details.
  

• Lists – Allows the administrator to create lists of values for fields like sources, destinations, networks, that can be used in creating event queries and correlation rules. Refer to the section Live Lists for more details.

• Reporting – Allows administrators to view a summary of logs collected from different customers, add and manage administrative users and assign them to specific customer(s) for managing them. Refer to the section 'Managing Administrators' for more details.

• Administration –  Allows administrators to view a summary of logs collected from different customers, add and manage administrative users and assign them to specific customer(s), view license and subscription details and set the sub-domain name for configuring Access URL for the administrative interface. Refer to the section 'Administration' for more details.

The administrator can change their location and language settings and login password by clicking the user icon displayed at the right end of the title bar.

To change the password

• Click the  button and choose 'Change Password' from the drop-down.

The 'Change Password' dialog will appear.

• Enter your current password in the 'Old Password' field

• Enter your new password in the 'New Password' field and confirm it in the next field.

• Click the 'Submit' button.

Use the new password next time you login to the NxSIEM platform.

To change the Region and Language Settings

• Click the  button and choose 'Region & Language' from the drop-down.

The 'Region and Language' dialog will appear.

• Choose the region and time zone to be followed from the 'Region' drop-down.

• Choose the language in which the NxSIEM web console is to be displayed from the 'Language' drop-down.

• Click the 'Submit' button.

The settings will be changed and will take effect from your next login.