Events

The Investigate Events page offers detailed visibility into the network activity of AWS Appliances. Network connection-based events are analyzed at the level of each AWS Appliance, and event logs are generated. CDR imports these event logs and displays them on the Events page.


The events tab consists of the following components:

  1. Duration: The time period for which you want to see network events. Example: Today, Last 1 Hr, Last 24 Hr, Last 7 days
  2. Search for Events: Use event-specific QQL tokens to search for specific connection events, or filter events based on a specific search criterion. For more information, refer to "Event Tokens" for the Investigate tab.
  3. TIMESTAMP: This column displays the exact date and time when the connection event occurred. Example: "June 25, 2025 11:30 AM"
  4. APPLIANCE: This column displays the AWS Appliance name.
  5. ORIGINATOR IP: This column displays the source IP address of the connection event.
  6. RESPONDER IP: This column displays the responder's IP address of the connection event.
  7. COUNT: Shows the number of occurrences of the event within the time frame.
  8. DURATION: Displays the length of the event.
  9. PORT LIST: Displays the list of network ports for the event. Example: 443/tcp
  10. SERVICE LIST: Displays the event's service list.
  11. UPLOAD BYTES: This column displays the total data uploaded for each connection event.
  12. DOWNLOAD BYTES: This column displays the total amount of data downloaded for each connection event.

Known Issues

  • Clicking the 'View All Tokens' help returns a 404 error, which we plan to fix in a future release.