Log Processing

The Infinity XDR (Extended Detection & Response)/XPR (Extended Prevention & Response) license provides an entitlement for analyzing and processing data from your subscribed products, based on data volume in gigabytes (GB). The Log processing page shows the currently processed data volume, which is used to compare data utilization against the entitlement.

You can also define Processing Exceptions that exclude the data from selected products or Quantum devices from being processed by Infinity XDR/XPR. The system does not generate any incidents based on the data from the excluded items. These exceptions reduce the processed data volume. The log processing data volume displayed is the volume after considering the processing exceptions that were active during the display period.

The Log processing page:

  • Shows the total volume of logs processed in the designated time interval assuming the currently active processing exceptions. It also calculates the average data utilization to compare with the actual entitlement.

  • Compares the data utilization across the different product types and Quantum devices that provide data.

  • Allows you to assess potential changes to data utilization when specific products or Quantum devices are excluded from being processed by Infinity XDR/XPR, to optimize your data usage. After assessment, you can exclude their data from processing.

Note - The Log processing page displays the calculated data utilization with a two-day time delay.

To view the Log processing page, access the Infinity XDR/XPR Administrator Portal and go to Settings > Log processing.

Weekly Log Processing

The Weekly log processing widget shows:

  • Weekly log processing - Volume of logs processed in the previous week and comparison with the usage from the week before.

  • Average daily usage - Average volume of logs processed in a day.

  • Daily Entitlement - The maximum volume of logs entitled to be processed in a day.

Note - Average daily utilization from the previous week is used to ensure that both weekdays and weekends are included.

Top Weekly Usage by Products

The Top weekly usage by products widget shows the data utilized by products in the previous week. The system shows the top three product names and the rest are shown as Others.

Top Weekly Usage by Quantum Devices

Note - The widget shows data only if you have subscribed to Quantum Gateway.

The Top Weekly Usage by Quantum Devices widget shows the data utilized by Quantum devices in the previous week. The system shows the top three device names and the rest are shown as Others.

Average Log Processing

Processing by Product

The Processing by product section shows the data processed by each product over a specific time period and the entitled volume of data that can be processed. The red dotted line represents the entitlement, allowing you to compare current usage to the entitlement.

Note - Currently, Infinity XDR/XPR does not enforce the entitlement limit and continues processing data even when the limit is reached.

By default, it shows the data usage in the previous week. You can select the required time period from the top right corner.

To view the data usage on a specific date, hover over the date.

Assess Exceptions

The Assess exceptions section shows the total data volume processed by all the products. Additionally, you can assess the data usage after excluding specific products or Quantum devices from being processed by Infinity XDR/XPR. After assessment, you can exclude their data from processing.

When assessing the processing exceptions, the system always shows the data from the previous week. This ensures that the data from the most recent week is used to determine the current data utilization.

To assess the data utilization after excluding a product or Quantum device:

  1. Click the icon.

    The Assess processing exceptions window appears.

  2. Select the product(s) or the Quantum device(s) you want to exclude.

    The system shows the total volume of data usage and the reduced data usage after exclusion as dotted lines.

  3. To add the selected products or Quantum devices to the Processing Exception list, see Adding a Processing Exception.

Processing Exception List

After you assess the data usage by excluding specific product(s) or Quantum device(s), you can exclude their data from being processed by Infinity XDR/XPR. The Processing Exception List section shows the list of products and Quantum devices that are excluded from processing.

The Active tab shows the exceptions that are currently active.

The Audit Log tab shows the history of exceptions that were previously defined but are no longer active. This is important data to review because while the exceptions were active, no incidents would have been created based on the excluded items.

Note - The Log processing page shows information based on the active exceptions.
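The Audit Log review described above can be turned into a coverage check. The following is an added example, not Check Point code: it merges exception periods per source into windows during which no incidents could have been generated, then reports which parts of an investigation period fall inside them. The record fields (`source`, `added`, `removed`) and the sample values are constructed assumptions, not a product export format.

```python
from datetime import datetime

# Constructed sample: exception history as transcribed from the Active and
# Audit Log tabs. Field names and values are assumptions for illustration.
RECORDS = [
    {"source": "gw-branch-01", "added": "2024-03-01T08:00", "removed": "2024-03-10T17:00"},
    {"source": "gw-branch-01", "added": "2024-03-08T09:00", "removed": "2024-03-15T12:00"},
    {"source": "gw-branch-01", "added": "2024-04-02T00:00", "removed": None},  # still active
    {"source": "example-product", "added": "2024-03-20T00:00", "removed": "2024-03-22T00:00"},
]

def blind_windows(records, now):
    """Merge overlapping exception periods per source into (start, end) windows."""
    per_source = {}
    for r in records:
        start = datetime.fromisoformat(r["added"])
        # An exception that is still active is open-ended; close it at `now`.
        end = datetime.fromisoformat(r["removed"]) if r["removed"] else now
        per_source.setdefault(r["source"], []).append((start, end))
    merged = {}
    for source, spans in per_source.items():
        out = []
        for start, end in sorted(spans):
            if out and start <= out[-1][1]:
                # Overlaps or touches the previous window: extend it.
                out[-1] = (out[-1][0], max(out[-1][1], end))
            else:
                out.append((start, end))
        merged[source] = out
    return merged

def uncovered(windows, source, start, end):
    """Return the parts of [start, end] during which `source` was excluded."""
    hits = []
    for w_start, w_end in windows.get(source, []):
        lo, hi = max(start, w_start), min(end, w_end)
        if lo < hi:
            hits.append((lo, hi))
    return hits

if __name__ == "__main__":
    windows = blind_windows(RECORDS, now=datetime(2024, 4, 5))
    period = (datetime(2024, 3, 12), datetime(2024, 4, 3))
    for lo, hi in uncovered(windows, "gw-branch-01", *period):
        print(f"gw-branch-01 not processed: {lo} -> {hi}")
```

Any window returned for a source inside an investigation period means the absence of incidents from that source is not evidence of absence of activity; the source's own logs need to be reviewed for that span.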

Adding a Processing Exception

To add products or Quantum devices to the Processing Exception list:

  1. To assess the data usage and then add to the exception list:

    1. In the Assess processing exceptions panel, select the required products/devices and click Save as exception.

      The Add processing exception window appears and shows the assessed product/device and its data usage.

  2. To directly add products or Quantum devices to the Processing Exception list, in the Processing Exception List section, click + Add processing exception on the right side or above the table.

    The Add processing exception window appears.

  3. To add a product, in the Products section, click +Add and select the product(s).

  4. To add a Quantum device, in the Devices section, click +Add and select the device(s).

  5. (Optional) Add a comment.

  6. Click Add filter.

    The system adds the selected products and Quantum devices to the active Processing Exception list, so that Infinity XDR/XPR no longer processes their data. These products/devices appear grayed out in the Assess processing exceptions panel.

Managing the Processing Exception List

  1. To edit an active exception:

    1. In the Processing Exception List section, select the product/device and then click Edit.

    2. Make the necessary changes and click Save.

  2. To delete active exception(s):

    1. In the Processing Exception List section, select the products/devices and then click Delete.

    2. In the confirmation box, click Save.