.. _TrackMe User Guide: Entity Monitoring State: ####################### Entity Monitoring State ####################### Introduction ============= In TrackMe, all entities have a field defining the "monitoring status". This field is a persistent field stored in the KVstore named "monitored_state" which expects two possible values: - enabled: the entity is actively monitored - disabled: the entity remains but is not considered actively nor leading to alerts .. image:: img_v2/user_guide_monitored_state/screen1.png :alt: screen1.png :align: center :width: 1200px :class: with-border Purposes of Monitoring Status ============================= The Monitoring Status field serves the following purposes: - The TrackMe main user interface filters by default on entities which are actively monitored - Entities can be disabled and hidden from the main UI without being deleted - TrackMe alerts only consider entities which are actively monitored Use Cases for Monitoring Status =============================== There are different conditions where this feature can be useful: - The Hybrid Tracker data scope means some entities are out of interest are discovered, and these entities should not be considered anymore - A given entity representing a data provider has issues that cannot be addressed at the moment, and you want to fully exclude these entities without permanently deleting them TrackMe User Interface ====================== The main user interface filters out by default on monitored entities. However, currently disabled entities are accounted for in an informative single view, and you can also ask TrackMe to reveal entities that are currently disabled. *Drilldown: click on the single view, this automatically filters out on disabled entities:* .. image:: img_v2/user_guide_monitored_state/screen2.png :alt: screen2.png :align: center :width: 1200px :class: with-border .. image:: img_v2/user_guide_monitored_state/screen3.png :alt: screen3.png :align: center :width: 1200px :class: with-border *You can ask TrackMe to include disabled entities in the Tabulator:* .. image:: img_v2/user_guide_monitored_state/screen4.png :alt: screen4.png :align: center :width: 1200px :class: with-border *You can use the the filter function to only show disabled entities in the Tabulator:* .. image:: img_v2/user_guide_monitored_state/screen5.png :alt: screen5.png :align: center :width: 1200px :class: with-border Updating the Monitored State ============================ You can enable or disable the monitoring state on a per-entity basis, via bulk editing and as well via the REST API endpoints. Enabling / Disabling an entity ------------------------------ *Open the entity main screen and click on Enable / Disable:* .. image:: img_v2/user_guide_monitored_state/screen6.png :alt: screen6.png :align: center :width: 1200px :class: with-border Enabling / Disabling in bulk ---------------------------- *Select one or more entities, click on the bulk action button:* .. image:: img_v2/user_guide_monitored_state/screen8.png :alt: screen8.png :align: center :width: 1200px :class: with-border .. image:: img_v2/user_guide_monitored_state/screen8.png :alt: screen8.png :align: center :width: 1200px :class: with-border Enabling / Disabling in REST ---------------------------- *Open the REST API user interface to find the endpoint associated with the component, you can enable / disable multiple entities at once:* :: | trackme url="/services/trackme/v2/splk_dsm/write/ds_monitoring" mode="post" body="{'tenant_id': 'feeds-tracking', 'action': 'disable', 'object_list': 'eventgen-firewall:netscreen:firewall|key:region;company|emea;unknown,eventgen-firewall:netscreen:firewall|key:region;company|unknown;company001'}"" .. image:: img_v2/user_guide_monitored_state/screen9.png :alt: screen9.png :align: center :width: 1200px :class: with-border