Understanding what makes up a context

Contexts consist of two components:

  • The simple details show only the alerts and logs relating to the creation and termination of all processes that ran on the agent within the attack perimeter. The simple details are shown by default in the detailed context report.
  • The full details show all the logs that the agent produced in the attack perimeter, including those that do not usually appear in the administration console. For example, logs that remained local on the agent or that were sent to a syslog server also appear in the full details. They are generated by the Stormshield - Audits of attack contexts rule set of the default policy.
    Depending on the agent group configuration, the display of the full details may need to be manually enabled.