Skip to main content
Version: 2.4

User interface

Main window

After logging into the system the Main window will have the following view:

image-20230913123707054

In the home view you can add any Dashboard that is in the system by clicking the home icon in the [Management>Dashboard] menu and will be shown when the system is started.

image-20230913123913781

In the GUI interface of the Sycope system we can distinguish two areas:

  • Top menu - on the top
  • Main menu - on the left

Top menu

At the top of the screen you can see the search bar along with a set of icons. The functionalities assigned to the icons starting from the left are:

  • image-20230605152253165- statistics

  • image-20230605152448534 - favorite filters

  • image-20230605152530420- drop down menu with data source stream you can select

  • image-20230605152609589- search bar

  • image-20230605152645644 - add filter

  • image-20230605152819843 - add to favorites

  • image-20230605152906909- time range menu

    • image-20230605152448534 - favorite time ranges
    • image-20230605152819843- add time range to favorites

  • image-20230605153022310- refresh data

  • image-20230605153236255- quick access menu

  • image-20230605153335019 - system notification

  • image-20230605153519578- system documentation for current menu/tab

  • image-20230605153553279- user option

Statistics

This menu provides the statistics for the selected data stream. Using this menu, you can quickly evaluate the values appearing in the data stream and select those that are relevant to you. The data here is limited to 10,000 records.

image-20230605162451488

For each source, the Basic fields panel shows the aggregated data regarding the value of each individual field.

PoleOpis
CountNumber of all values of a given field.
DistinctNumber of unique values of a given field.

After expanding a given field, a summary of ten fields with the largest number of values will be shown. For example, regarding the data shown in the above image, for the "Server IP" there is 10,000 values, including 739 unique ones, and e.g. for IP of "8.8.8.8", the number of values is 2237.

Then, below the Basic fields panel, the next panels will show the statistics of values for specific fields in the given source. For example, for the Netflow source it will be Measures and Ohter.

The Search bar is one of the key components of the Sycope system. By using it, you can build filters or queries, both in a simple way using graphical components, as well as using the NQL language commands (advanced mode).

image-20230605152609589

In the Filter menu you can choose how the search bar works: in simple mode or advanced mode. In addition, there is access to the Playground functionality in which you can test the operation of the NQL code.

image-20230606124536487

To create a filter from scratch, simply click on the image-20230606125229971 icon or select Add filter from the Filter menu (figure above). A creator will appear with fields to fill in.

image-20230606125333139

Another way of creating a filter is to click on the value selected in the Viewport, for example, at a specific IP address.

image-20230606125646600

image-20230606125739701

A wizard window will appear with fields filled in by the System which, of course, can be modified. After approval, the filter in the form of a tile will appear in the search bar.

image-20230606131135276

By clicking on the filter tile, you can modify the filtered values, for example, by adding more IP addresses.

image-20230606131558027

The next step in building filters that the search bar allows you to do is to add another value (in the form of a tile) and use one of the "and" or "or" logical operators.

image-20230606132955068

You can modify individual filter elements by clicking on the corresponding element.

Custom filters can be saved to favorite filters by clicking on the image-20230605152819843 icon in the search bar. The list of favorite filters is available by clicking on the image-20230605152448534 icon.

Time ranges

It is one of the most important menus in the system. Here you define the time range for which the data is analyzed. The values you set here affect the Dashboards, Widgets, filters and queries.

image-20230605154550775

When you click on the bar, the configuration window will appear.

image-20230605154645377

You can select a time interval for absolute as well as relative values. The most commonly used time intervals are also placed here. For relative time values, you can set an automatic refresh time or do it manually by clicking on the Refresh button. You can save the configured Time ranges you use frequently to favorites. To delete/clear the time range field simply click on the image-20230606114406261 icon.

Quick access menu

This menu gives you quick access to your favorite Dashboards and Dashboard groups, as well as to Bookmarks.

image-20230606112810597

Notifications

This menu contains all the notifications generated by the system. For your convenience they are colored according to their importance.

image-20230606111149418

After clicking on a notification, detailed information about it will be displayed.

image-20230606111249095

User options

The last icon in the top bar is the user options menu icon with options for the logged-in user, in this case the user is the Administrator.

image-20230606110817227

The Profile Menu allows you to change the system password.

image-20230606110914736

The Personal Settings allow you to personalize selected system parameters.

image-20230913153917238

image-20220518145827250 - is used to log out of the system.

The Main menu is located in the left sidebar. This sidebar can be rolled up or expanded by pressing the < or > symbol in the upper left corner, next to the Sycope logo.

Starting from the top, the left sidebar contains:

  • The icon area with system notifications

  • Main menu with a sub-menu

  • The "Whats new?" menu with a description of key changes for the current version of the System

    image-20230913154154279

The main menu consists of the following submenus and tabs:

  • Home

  • Dashboard

  • Alerts

  • Raw Data

  • Playground

  • Management

    • Dashboard tab
    • Widgets tab
    • Rules tab
    • Favorites
      • Filters tab
      • Macros tab
      • Bookmarks tab
    • Reports
      • Reports tab
      • Report Filters tab

  • Configuration

    • General Settings
      • System Status tab
      • Notifications tab
      • Maintenance Mode tab
      • Diagnostics tab
      • Retention tab
      • Backup&Restore tab
    • Account Management
      • Accounts tab
      • User Roles tab
      • Authorization Providers tab
    • Mapping
      • Lookups tab
      • Maintenance Windows tab
      • Business Hours tab
      • Tags tab
      • Mappers tab
    • Objects
      • Fields tab
      • Metrics tab
      • Ranges tab
      • Collectors tab
      • Recipients tab
      • Right-click actions tab
      • Email Templates tab
      • Report Schedule tab
      • Advanced Custom Aggregations tab
    • NetFlow
      • Netflow tab
      • SFlow tab
      • Forwarding tab
      • Exporter Restrictions tab
    • Security
      • Certificates tab
      • Audit Log tab
    • Integrations
      • NTP tab
      • SNMP tab
      • SMTP tab
      • Proxy tab
      • External Destinations tab
      • FTP tab
    • Update
      • Update tab
      • About tab
    • Licenses

RAW DATA menu - UI description

The [Dashboard>RAW Data] menu contains Data streams in table and chart form.

image-20230605164420396

The Graph shows the NetFlow count for each minute.

The Table in the columns contains fields that are available in the selected Data Stream which is selected from the drop-down menu.

image-20230605164654387

Please note that only 1000 records are displayed in the Table, which is indicated by the red message at the top of the table.

image-20220519113502911

You can change the fields to be displayed in the table by clicking on the "columns" drop-down menu and selecting or deselecting the fields you are interested in.

image-20230605165337408

RAW Data Advanced View

To see more detailed information for the selected Data stream, the Advanced View option is built in. To open the Advanced View, click the magnifying glass icon in the first column of the Table and the Flyout with Advanced information will appear on the right.

image-20230605165520270

You can add more rows to the Advanced view by pressing the Control key and clicking on the row you want to add.

image-20230605165632429

Search bar

The search bar and its associated icons in the top menu have the same functions as for Dashboards and widgets and are described at the beginning of this document.

To create a filter, just point the cursor at the desired element in the table and click the "plus" icon (Add to filter).

image-20230606144436399

Similar to Dashboards or Widgets, a filter wizard will appear with the fields filled in.

image-20230606144513512

After clicking the "Apply" button, a tile symbolizing the created filter will appear in the search bar and the table and graph will show the results of applying the filter.

image-20230606150021915

You can edit the filter by clicking on the tile symbolizing it.

image-20230606145625639

To extend the created filter by, for example, a specific port, just click on the desired port value (in this example it is 443) and add it in the same way as the IP address to the filter (Add filter). You can choose between the "and" or "or" logical operators.

image-20230606150234179

You can choose between the "and" or "or" logical operators.

image-20230606150309492

The result after clicking Apply looks like this:

image-20230606150339284

Each filter element can be edited by clicking on the tile that represents it.

image-20230606150708425

Advanced mode

After switching to advanced search bar mode, you can build filters based on NQL language commands.

image-20230606151003583

The Sycope system offers a mechanism of extended sub-tellings to facilitate the creation of filters in the NQL language. An example of creating a filter using this method is shown in the figures below.

image-20230606151343070

image-20230606151434688

image-20230606152210646

image-20230606152247020

image-20230606152316428

Frequently used filters can be added to favorites.

image-20230606152720116

A list of favorite filters is available at the beginning of the search bar.

image-20230606152801298

The list of favorite filters can be edited in the menu [Management>Favorites>Filters].

image-20230913154915906

Graph

In the example, the Graph shows the number of flows per time unit. In the Sycope system, the smallest granularity is 1 min.

image-20230605154857576

On the right side of the Graph there are four buttons for formatting it.

image-20230605155014873

Starting from the top, these are:

  • zoom
  • line
  • bar
  • stack
  • data view

Zoom - is used to select the area to zoom in on the graph.

image-20230605155336329

image-20230605155447798

Line - is used to change the graph from bars to line

image-20230605155558567

Bar - is used to change the graph from line to bars

Data View - is used to switch to text form which shows the numerical values on which the graph was based, that is the timestamp values and their corresponding Counts

image-20230605155909587

Last updated on