Events

The Events View in KScope’s Data Contextualization Platform serves as a mission-critical interface for security and IT practitioners tasked with safeguarding the integrity of the code-to-cloud ecosystem. It delivers real-time, high-fidelity visibility into activity across your infrastructure, enabling swift detection, investigation, and response to security events.

Leveraging the power of KScope Blueprints, events are ingested continuously and enriched with deep contextual insights derived from the platform’s resource topology. For example, access activity on an S3 bucket isn’t viewed in isolation—it's intelligently mapped to the corresponding S3 resource node, where KScope correlates it with rich metadata such as asset criticality, application dependencies, and exposure levels. This allows teams to immediately assess whether a business-critical system is at risk, elevating the urgency and prioritization of response efforts.

The Events View is not just about individual alerts—it's about understanding patterns over space and time. By correlating events across infrastructure layers and timelines, KScope empowers users to uncover early indicators of lateral movement, potential compromise, or evolving threats within their environment.

Whether tracking unauthorized access, configuration drift, or policy violations, the Events View offers:

  • Real-time event streaming and aggregation

  • Temporal and spatial correlation of activities, highlighting potential attack paths

  • Centralized visibility across your ASPM and CSPM coverage areas

For IT and security engineers, this view is indispensable for continuous monitoring, incident triage, and maintaining the overall security posture of complex cloud-native systems. It transforms raw event data into actionable intelligence—accelerating response times and reducing risk across your software delivery lifecycle.

Layout

The Events Page by default shows data for live events and is structured as follows:

  • Time Range Filter Bar: Located at the top-right of the page, this allows users to select a specific time range to filter events.

  • Time Series Chart: Visual representation of events and their occurrence. (Not visible for Live Events)

  • Events Table: Below the filter bar, the events table displays events' data with the following columns:

    • Title: Describes the event.

    • Occurred At: The timestamp of when the event occurred.

    • Severity: The severity level of the event (e.g., Critical, Warning, Info).

    • Node Type: The type of node associated with the event.

    • Type: The category or type of the event (e.g., Alert, Action).

    • Explore: A link to explore more details about the specific event.

Key Features

Time Range Filter

The Time Range filter allows users to specify a period to view events that occurred within that range. This feature is essential for isolating events that happened during a specific time window, helping users focus on the most relevant events.

Account Filtering

The Account Filter enables users to filter events based on specific accounts. This is particularly useful when users are managing multiple accounts and need to focus on events related to a particular account or set of accounts.

Event Table Interaction

Sorting and Filtering

Users can interact with the events table by sorting and filtering data based on different columns:

  • Severity: Sort or filter events by their severity (e.g., Critical, Warning, Info).

  • Occurred At: Sort events by the time they occurred, either in ascending or descending order.

  • Node Type: Filter events by the type of node they are associated with.

Explore Functionality

The Explore link in the table allows users to dive deeper into the details of a specific event. Clicking on this link provides more information, helping users understand the event’s context and take appropriate actions.

Practical Use Cases

1. Using Time Range Filters

  • Scenario: A user wants to view events that occurred during the past week.

  • Action: The user sets the Time Range filter to the past week, which then filters the events displayed in the table to match that time range.

2. Filtering Events by Account

  • Scenario: A user needs to investigate events related to a specific account.

  • Action: The user applies the Account Filter to select the relevant account, and the table updates to show only the events associated with that account.

3. Exploring Events

  • Scenario: A user needs to gather more information about a particular event to determine the cause.

  • Action: The user clicks the Explore link next to the event in the table. This opens a detailed view of the event, offering more information to help with analysis.

Best Practices and Tips

  • Regularly Use Time Range Filters: Apply the Time Range filter frequently to focus on events within specific periods, helping track issues more effectively.

  • Prioritize High-Severity Events: Use the Severity filter to prioritize critical or high-severity events, ensuring that they are addressed promptly.

  • Accurate Account Filtering: When analyzing events, ensure the correct Account Filter is applied to avoid irrelevant data and to streamline the investigation process.

Support and Troubleshooting

Common Issues and Troubleshooting

  • Missing Events: If you notice that some events are not appearing, verify that the correct Time Range filter and Account Filter are applied. Make sure the system has sufficient data for the selected filters.

  • Page Not Loading: If the page is not loading, try refreshing the page. If the issue persists, ensure that your internet connection is stable and that there are no ongoing issues with the application’s server.

  • Unable to Explore Events: If the Explore link is not working, check if the event has sufficient data to display. If the problem persists, contact support for assistance.

For further assistance, refer to the Kaleidoscope's support team for help.

PreviousAll Database Users Count Bar ChartNextExplorer

Last updated

Was this helpful?