Watchlist Configuration
Watchlists control whether or not traffic from a specific entity will generate an alert. You can configure entries such that traffic involving those entities always causes the system to generate an alert. You can also configure those watchlist entries to expire after a configured period of time, at which point traffic involving those entities no longer causes the system to generate an alert. Figure 8-39 illustrates the alerts on the Secure Cloud dashboard.

Figure 8-39 Alerts on the Secure Cloud dashboard
Configuring the AWS CloudTrail Event Watchlist
You can configure a watchlist to generate an alert for specific AWS CloudTrail events generated for specific AWS accounts. Follow these steps to add an entry to the AWS CloudTrail Alert Watchlist:
Step 1. Select Settings > Alerts > AWS CloudTrail Watchlist.
Step 2. Select an AWS Account ID from the drop-down or select to generate an alert if the system detects the CloudTrail event in any of your monitored AWS accounts.
Step 3. Enter a CloudTrail event. See AWS documentation on CloudTrail events for more information on the supported events.
Step 4. Click Create.
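The following Python sketch is an added example, not code from the product or the book. It shows the matching semantics a CloudTrail watchlist entry implies: event name plus one account or any monitored account. The ANY_ACCOUNT marker, the class and function names, the sample records, and applying the section's entry expiration to this watchlist are all assumptions made for illustration.

```python
import json
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

ANY_ACCOUNT = "*"  # hypothetical marker for "any monitored AWS account"

@dataclass(frozen=True)
class WatchlistEntry:
    event_name: str                     # CloudTrail eventName to alert on
    account_id: str = ANY_ACCOUNT       # 12-digit account ID, or ANY_ACCOUNT
    expires: Optional[datetime] = None  # assumption: optional expiry time

def _parse_time(value: str) -> datetime:
    # CloudTrail eventTime is ISO 8601 in UTC, e.g. 2024-05-01T10:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def matches(entry: WatchlistEntry, record: dict) -> bool:
    """True if this record should raise an alert for this entry."""
    if entry.expires and _parse_time(record["eventTime"]) >= entry.expires:
        return False  # an expired entry no longer generates alerts
    if entry.event_name != record.get("eventName"):
        return False
    return entry.account_id in (ANY_ACCOUNT, record.get("recipientAccountId"))

def alerts(entries, records):
    """Return (eventID, eventName, account) for every record hit by any entry."""
    return [(r["eventID"], r["eventName"], r["recipientAccountId"])
            for r in records if any(matches(e, r) for e in entries)]

# Constructed sample records using real CloudTrail field names.
SAMPLE = json.loads("""[
 {"eventID": "evt-1", "eventName": "StopLogging",
  "recipientAccountId": "111111111111", "eventTime": "2024-05-01T10:00:00Z"},
 {"eventID": "evt-2", "eventName": "DeleteTrail",
  "recipientAccountId": "222222222222", "eventTime": "2024-05-01T11:00:00Z"},
 {"eventID": "evt-3", "eventName": "DeleteTrail",
  "recipientAccountId": "111111111111", "eventTime": "2024-05-01T11:30:00Z"},
 {"eventID": "evt-4", "eventName": "ConsoleLogin",
  "recipientAccountId": "111111111111", "eventTime": "2024-05-03T09:00:00Z"},
 {"eventID": "evt-5", "eventName": "ConsoleLogin",
  "recipientAccountId": "111111111111", "eventTime": "2024-05-01T09:00:00Z"}
]""")

WATCHLIST = [
    WatchlistEntry("StopLogging"),                  # any account
    WatchlistEntry("DeleteTrail", "222222222222"),  # one account only
    WatchlistEntry("ConsoleLogin", "111111111111",
                   datetime(2024, 5, 2, tzinfo=timezone.utc)),  # expiring entry
]

if __name__ == "__main__":
    for hit in alerts(WATCHLIST, SAMPLE):
        print(hit)
```

An entry scoped to a single account stays silent when the same event occurs in another monitored account (evt-3 here), which is the gap the any-account option in Step 2 closes.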
Configuring the GCP Logging Watchlist
You can configure a watchlist to generate an alert for specific GCP events generated for specific GCP projects. To add an entry to the GCP Logging Watchlist, follow these steps:
Step 1. Select Settings > Alerts > GCP Logging Watchlist.
Step 2. Click New Watchlist Item.
Step 3. Enter a GCP action. See the GCP documentation for more information on the available actions.
Step 4. Select a GCP project ID from the drop-down or select to generate an alert if the system detects the action in any of your monitored GCP projects.
Step 5. Click Create.
Configuring the Azure Activity Log Watchlist
You can configure a watchlist to generate an alert for specific Azure events. Follow these steps to add an entry to the Azure Activity Log Watchlist:
Step 1. Select Settings > Alerts > Azure Activity Log Watchlist.
Step 2. Click New Watchlist Item.
Step 3. Select a subscription ID from the drop-down or select to generate an alert if the system detects the action in any of your monitored Azure projects.
Step 4. Enter an operation (or action). See Azure documentation for more information on the available actions.
Step 5. Click Create.
Dashboard Overview
The Dashboard menu option presents several different ways to view your network at a high level:
• The dashboard provides a summary of alerts, entities on your network, and traffic statistics.
• The AWS visualizations present AWS-related spider graphs, with your AWS resources, security groups, and IAM permissions as nodes.
• View the overall health of your network from the dashboard.
• View the open alerts and supporting observations and other context to determine whether network behavior is malicious.
• View the models to detect historical patterns in entity, network, and other related behavior over time.
• View reports in the Help menu to understand the breadth and depth of traffic monitored by the system.
Figure 8-40 illustrates the Secure Cloud dashboard.

Figure 8-40 Secure Cloud dashboard