opensearch-docs-cn/_security-analytics/usage/index.md


Add documentation for Security Analytics plugin (#1824) * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * Delete admin-api.md * Delete api-index.md * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics 
Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics (#1901) Signed-off-by: Subhobrata Dey <sbcd90@gmail.com> Signed-off-by: Subhobrata Dey <sbcd90@gmail.com> Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> * fix#939-sec-analytics Signed-off-by: cwillum <cwmmoore@amazon.com> Signed-off-by: cwillum <cwmmoore@amazon.com> Signed-off-by: Subhobrata Dey <sbcd90@gmail.com> Co-authored-by: Subhobrata Dey <sbcd90@gmail.com> Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
2022-11-18 13:19:06 -05:00
---
layout: default
title: Using Security Analytics
nav_order: 20
has_children: true
has_toc: false
redirect_from:
- /security-analytics/usage/
---
# Using Security Analytics
After you create detectors and generate findings, the Security Analytics windows provide visualizations and tools to help you investigate and manage findings, create focused alerts and notifications, import or customize rules, and edit detectors, among other tasks. This section describes the available features, their uses, and general navigation within each window. Use the following links to go directly to information on a specific window:
* [The Overview page]({{site.url}}{{site.baseurl}}/security-analytics/usage/overview/)
* [Working with detectors]({{site.url}}{{site.baseurl}}/security-analytics/usage/detectors/)
* [Working with findings]({{site.url}}{{site.baseurl}}/security-analytics/usage/findings/)
* [Working with detection rules]({{site.url}}{{site.baseurl}}/security-analytics/usage/rules/)
* [Working with the correlation graph]({{site.url}}{{site.baseurl}}/security-analytics/usage/correlation-graph/)
* [Working with alerts]({{site.url}}{{site.baseurl}}/security-analytics/usage/alerts/)