SIEM Training

Let’s get the right setup

Step 1:

Place your overlay window over the recommended area of this page.

Step 2:

Scroll down to where you see the SIEM example.

Place your overlay window over this block.

Grab the corners of the window and adjust the size if needed.

Polarity: Overlaying on Top of SIEM

Polarity is meant to augment your workflow, no matter which application you are looking at. This example showcases how Polarity can augment your workflow when you are looking at information in a SIEM product.

Step 3:

Select all of the text on the SIEM page and press CTRL+C, or right-click on the Polarity Overlay window and select “Search my Clipboard”.

Time | Event

2/15/21 1:52:05.000 PM

37,21.690344,192.168.55.133,162.159.241.165,TCP,54,62099 > 443 [ACK] Seq=1 Ack=39 Win=65535 Len=0,,

field5 = TCP | host = ip-172-31-57-135.ec2.internal | source = Firewall Traffic - Sheet1.csv | sourcetype = csv

2/15/21 1:52:05.000 PM

34,19.706099,192.168.55.133,74.125.226.175,SSL,55,Continuation Data,,

field5 = SSL | host = ip-172-31-57-135.ec2.internal | source = Firewall Traffic - Sheet1.csv | sourcetype = csv

2/15/21 1:52:05.000 PM

33,19.233835,,192.168.55.133,TCP,60,80 > 62101 [ACK] Seq=2 Ack=2 Win=64239 Len=0,,

field5 = TCP | host = ip-172-31-57-135.ec2.internal | source = Firewall Traffic - Sheet1.csv | sourcetype = csv

2/15/21 1:52:05.000 PM

32,19.233734,192.168.55.133,108.162.232.205,TCP,54,"62101 > 80 [FIN, ACK] Seq=1 Ack=2 Win=64240 Len=0",,

field5 = TCP | host = ip-172-31-57-135.ec2.internal | source = Firewall Traffic - Sheet1.csv | sourcetype = csv

2/15/21 1:52:05.000 PM

31,19.233649,192.168.55.133,45.128.134.14,TCP,54,62101 > 80 [ACK] Seq=1 Ack=2 Win=64240 Len=0,,

field5 = TCP | host = ip-172-31-57-135.ec2.internal | source = Firewall Traffic - Sheet1.csv | sourcetype = csv

2/15/21 1:52:05.000 PM

30,19.233649,108.162.232.205,192.168.55.133,TCP,60,"80 > 62101 [FIN, PSH, ACK] Seq=1 Ack=1 Win=64240 Len=0",,

field5 = TCP | host = ip-172-31-57-135.ec2.internal | source = Firewall Traffic - Sheet1.csv | sourcetype = csv

2/15/21 1:52:05.000 PM

29,19.23343,108.162.232.200,192.168.55.133,TCP,,80 > 62100 [ACK] Seq=2 Ack=2 Win=64239 Len=0,,

field5 = TCP | host = ip-172-31-57-135.ec2.internal | source = Firewall Traffic - Sheet1.csv | sourcetype = csv

Step 4:

You should now have information from your integrations in the Polarity Overlay window!
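The SIEM events above are Wireshark-style CSV rows (No., Time, Source, Destination, Protocol, Length, Info), and the entities an overlay such as Polarity recognizes from the clipboard are the IPs in the Source and Destination columns. As an added example that is not part of this training page or of Polarity's own code, the Python below parses those rows (including the quoted Info field that contains commas and the event with an empty Source column) and splits the unique IPs into routable addresses worth enriching and RFC 1918 addresses that are internal; the column names and the public/private split are assumptions.

```python
import csv
import io
import ipaddress

# Constructed sample: the event lines from the SIEM example above.
# Columns: No., Time, Source, Destination, Protocol, Length, Info, plus two
# trailing empty columns. A quoted Info field may itself contain commas.
SAMPLE_EVENTS = """\
37,21.690344,192.168.55.133,162.159.241.165,TCP,54,62099 > 443 [ACK] Seq=1 Ack=39 Win=65535 Len=0,,
34,19.706099,192.168.55.133,74.125.226.175,SSL,55,Continuation Data,,
33,19.233835,,192.168.55.133,TCP,60,80 > 62101 [ACK] Seq=2 Ack=2 Win=64239 Len=0,,
32,19.233734,192.168.55.133,108.162.232.205,TCP,54,"62101 > 80 [FIN, ACK] Seq=1 Ack=2 Win=64240 Len=0",,
31,19.233649,192.168.55.133,45.128.134.14,TCP,54,62101 > 80 [ACK] Seq=1 Ack=2 Win=64240 Len=0,,
30,19.233649,108.162.232.205,192.168.55.133,TCP,60,"80 > 62101 [FIN, PSH, ACK] Seq=1 Ack=1 Win=64240 Len=0",,
29,19.23343,108.162.232.200,192.168.55.133,TCP,,80 > 62100 [ACK] Seq=2 Ack=2 Win=64239 Len=0,,
"""

# Assumed column names for the seven meaningful fields of each row.
FIELDS = ["no", "time", "src", "dst", "proto", "length", "info"]


def parse_events(text):
    """Parse CSV event lines into dicts; tolerates empty fields and quoted commas."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if not row or not row[0].strip():
            continue  # skip blank lines
        ev = dict(zip(FIELDS, row[:len(FIELDS)]))
        # Event 29 has an empty Length column; keep it as None rather than failing.
        ev["length"] = int(ev["length"]) if ev["length"] else None
        events.append(ev)
    return events


def extract_indicators(events):
    """Return (public, private) sorted lists of the unique IPs seen in src/dst.
    Only routable addresses are worth sending to external enrichment sources."""
    public, private = set(), set()
    for ev in events:
        for key in ("src", "dst"):
            val = ev.get(key, "").strip()
            if not val:
                continue  # event 33 has an empty Source column
            try:
                ip = ipaddress.ip_address(val)
            except ValueError:
                continue  # not an IP literal; nothing to enrich
            (private if ip.is_private else public).add(str(ip))
    return (sorted(public, key=ipaddress.ip_address),
            sorted(private, key=ipaddress.ip_address))
```

Running `extract_indicators(parse_events(SAMPLE_EVENTS))` shows that only the internal host 192.168.55.133 is private; the other five addresses are the ones an integration lookup would be sent.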

Step 5:

Stream: With Stream mode, scroll up and down on the SIEM page and data will start populating into the overlay.

Highlight: With Highlight mode, make sure the web page has focus (click on it) and highlights will start populating on top of the SIEM example.

Please note: if all of your integrations are set to On-Demand Only, recognition will not return any results.

With Polarity you have instant awareness of any information that you care about to help augment your SIEM logs.