.. _TrackMe User Guide: Entity Monitoring State: ####################### Entity Monitoring State ####################### Introduction to the monitored state =================================== In TrackMe, all entities have a field defining the "monitoring status". This field is a persistent field stored in the KVstore named "monitored_state" which expects two possible values: - enabled: the entity is actively monitored - disabled: the entity remains but is not considered actively nor leading to alerts .. image:: img_v2/user_guide_monitored_state/screen1.png :alt: screen1.png :align: center :width: 1200px :class: with-border Purposes of Monitoring Status ============================= The Monitoring Status field serves the following purposes: - The TrackMe main user interface filters by default on entities that are actively monitored - Entities can be disabled and hidden from the main UI without being deleted - TrackMe alerts only consider entities which are actively monitored Use Cases for Monitoring Status =============================== There are different conditions where this feature can be useful: - The Hybrid Tracker data scope means some entities that are out of interest are discovered, and these entities should not be considered anymore - A given entity representing a data provider has issues that cannot be addressed at the moment, and you want to fully exclude these entities without permanently deleting them TrackMe User Interface ====================== The main user interface filters out by default on monitored entities. However, currently disabled entities are accounted for in a single informative view, and you can also ask TrackMe to reveal entities that are currently disabled. *Drilldown: click on the single view, this automatically filters out on disabled entities:* .. image:: img_v2/user_guide_monitored_state/screen2.png :alt: screen2.png :align: center :width: 1200px :class: with-border .. image:: img_v2/user_guide_monitored_state/screen3.png :alt: screen3.png :align: center :width: 1200px :class: with-border *You can ask TrackMe to include disabled entities in the Tabulator:* .. image:: img_v2/user_guide_monitored_state/screen4.png :alt: screen4.png :align: center :width: 1200px :class: with-border *You can use the the filter function to only show disabled entities in the Tabulator:* .. image:: img_v2/user_guide_monitored_state/screen5.png :alt: screen5.png :align: center :width: 1200px :class: with-border Updating the Monitored State ============================ You can enable or disable the monitoring state on a per-entity basis, via bulk editing and via the REST API endpoints. Enabling / Disabling an entity ------------------------------ *Open the entity main screen and click on Enable / Disable:* .. image:: img_v2/user_guide_monitored_state/screen6.png :alt: screen6.png :align: center :width: 1200px :class: with-border Enabling / Disabling in bulk ---------------------------- *Select one or more entities, click on the bulk action button:* .. image:: img_v2/user_guide_monitored_state/screen8.png :alt: screen8.png :align: center :width: 1200px :class: with-border .. image:: img_v2/user_guide_monitored_state/screen8.png :alt: screen8.png :align: center :width: 1200px :class: with-border Enabling / Disabling in REST ---------------------------- *Open the REST API user interface to find the endpoint associated with the component, you can enable / disable multiple entities at once:* :: | trackme url="/services/trackme/v2/splk_dsm/write/ds_monitoring" mode="post" body="{'tenant_id': 'feeds-tracking', 'action': 'disable', 'object_list': 'eventgen-firewall:netscreen:firewall|key:region;company|emea;unknown,eventgen-firewall:netscreen:firewall|key:region;company|unknown;company001'}"" .. image:: img_v2/user_guide_monitored_state/screen9.png :alt: screen9.png :align: center :width: 1200px :class: with-border