Review data feeds
Review the category mappings and quality of your data feeds.
Your data feeds are automatically categorized and synchronized to the Anvilogic platform every 7 days. When you add a data feed, you can view it on the Data Feeds page within 7 days.
Verify that the category of each data feed matches what you expect, as this affects your MITRE coverage. Select Maturity Score > Data Feeds from the navigation bar, then review the categories for each data feed.
To change or add categories to a data feed:
Click on the name of the data feed.
Click Tags.
In the Data Categories field, enter the data categories you want associated with this data feed.
Click Update when you are finished.
The Anvilogic platform makes an initial feed quality assessment for any new data feed added to it.
Perform your own evaluation of the timeliness, logging level, field extraction, and monitoring scope for each data feed so you can assign a proper data feed quality. Feed quality is important because only Good quality feeds are used to generate recommendations on the Anvilogic platform.
To manually change the quality of a data feed:
Click on the name of the data feed.
Select one of the qualities from the Feed Quality dropdown.
Click Update when you are finished.
Automatically computed feed qualities are available for Windows event logs in Splunk. See Data feed quality auto computation.
Select Maturity Score > Data Feeds from the navigation bar, then review the quality for each data feed.