6.5.4.2 Cyber Event Details

Use this pane to provide the cyber event types used in this suspicious activity.

To manage Cyber Event Details, follow these steps:
  1. On the Additional Information pane, go to the Cyber Event pane.
  2. To modify the required cyber event details, select the required Record Number, and click Edit. The Cyber Event window is displayed.
  3. Modify the cyber event details.
  4. Click Save. A confirmation message is displayed.
  5. To remove the cyber event associated with the report, select the required Record Number, and click Delete. The cyber event associated with the report is deleted from the list.
  6. To add a new cyber event, on the Cyber Event pane, click Add. The Cyber Event Details window is displayed.
  7. Enter the cyber event fields.

    Table 6-8 Cyber event

    Field | Description
    Cyber Event Type | Select the cyber event type from the drop-down list. For example, Command and Control, Suspicious IP Addresses, and so on.
    Cyber Event Description | Enter the cyber event description.
    Other Description | Enter the additional description.
    Activity Date | Enter the date of suspicious activity.
    Activity Time | Enter the time of suspicious activity.
  8. Click Save. A confirmation message is displayed, and a new cyber event is added to the list.

    Note:

    • The value provided must adhere to the following requirements: 4000 characters or less; must be in the following format based on these specific types of cyber events:
        • Command and Control/Suspicious IP Addresses:
            • If the IP address is IPv4, use a variation of the format nnn.nnn.nnn.nnn (n = number) with periods between the segments. The first set of numbers must be valued between 1-255 (inclusive); the second, third, and fourth set of numbers must be valued between 0-255 (inclusive).
            • If the IP address is IPv6, use a variation of the format cccc:cccc:cccc:cccc:cccc:cccc:cccc:cccc (c = character, IPv6 is alphanumeric in some segments) with colons between the segments.
        • URL/Domain names: Must contain at least one period, no spaces, cannot begin or end with a dash.
        • Media Access Control (MAC) Addresses: Must be in the XX:XX:XX:XX:XX:XX format.
        • Email Addresses: Must contain @ symbol and at least one period following the @ symbol.
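
The format rules in the note above can be checked before values are entered, for example when indicators are exported from a SIEM or ticketing system. The following is an added example, not code from the product: the function names and the event-type keys are hypothetical, X in the MAC format is assumed to be a hexadecimal digit, and compressed IPv6 forms are assumed to count as "a variation of" the stated format.

```python
import ipaddress
import re

MAX_LEN = 4000  # "4000 characters or less"
IPV4_RE = re.compile(r"[0-9]{1,3}(\.[0-9]{1,3}){3}")
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")  # assumes X = hex digit

def valid_ip(value):
    """IPv4: first octet 1-255, the rest 0-255. IPv6: colon-separated groups."""
    if IPV4_RE.fullmatch(value):
        first, *rest = (int(o) for o in value.split("."))
        return 1 <= first <= 255 and all(o <= 255 for o in rest)
    try:
        # Assumption: compressed forms (::) count as "a variation of" the format.
        ipaddress.IPv6Address(value)
        return True
    except ValueError:
        return False

def valid_domain(value):
    """At least one period, no spaces, no leading or trailing dash."""
    return "." in value and " " not in value and not (
        value.startswith("-") or value.endswith("-"))

def valid_mac(value):
    return MAC_RE.fullmatch(value) is not None

def valid_email(value):
    """Contains @ and at least one period after the @."""
    _, at, tail = value.partition("@")
    return at == "@" and "." in tail

# Hypothetical keys standing in for the Cyber Event Type drop-down values.
CHECKS = {
    "command_and_control": valid_ip, "suspicious_ip": valid_ip,
    "url_domain": valid_domain, "mac_address": valid_mac,
    "email_address": valid_email,
}

def validate(event_type, value):
    """Return a list of problems; an empty list means the value passes."""
    problems = []
    if len(value) > MAX_LEN:
        problems.append("longer than 4000 characters")
    check = CHECKS.get(event_type)
    if check and not check(value):
        problems.append(f"bad format for {event_type}")
    return problems
```

An empty list from `validate` means the value meets the documented rules for that event type; anything else lists what to correct before saving the cyber event.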