Enginsite

Overview

Enginsite is used for security monitoring and investigation workflows.

When reviewing Windows events in Enginsite, SIEM records are mapped as:

Access

  1. Open Enginsite in your browser.
  2. URL placeholder: add the production Enginsite URL.
  3. Authenticate using the standard team login flow.
  4. Auth flow placeholder: document SSO/MFA details for follow-up.
  5. If access is missing, contact support@hvcapital.com.

Common Tasks

Export Windows event logs (including cluster nodes)

  1. In Enginsite, open the relevant Windows event dataset/search.
  2. Filter to ngs.source = windows ereignisprotokoll.
  3. Filter gen.hostname to the affected host.
  4. For clusters, select the exact cluster node hostname.
  5. Start export and choose XML or CSV.
  6. Wait for export processing to complete (usually a couple of minutes).
  7. Download and attach the exported file to the incident/ticket as needed.
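Added example (not part of the original page or of Enginsite itself): a check to run on a CSV export before attaching it, confirming that every row matches the source filter from step 2 and the exact cluster node from step 4, and recording a SHA-256 for the ticket. It assumes the export has columns named ngs.source and gen.hostname like the filter fields; the sample rows and hostnames are constructed.

```python
import csv
import hashlib
import io
from collections import Counter

EXPECTED_SOURCE = "windows ereignisprotokoll"  # filter value from step 2

# Constructed sample export. Column names are an assumption: they mirror the
# filter fields on this page, not a documented export schema.
SAMPLE_CSV = (
    "timestamp,ngs.source,gen.hostname,event_id\n"
    "2024-01-01T10:00:00Z,windows ereignisprotokoll,node-a.example.test,4624\n"
    "2024-01-01T10:00:05Z,windows ereignisprotokoll,NODE-A.example.test,4634\n"
    "2024-01-01T10:00:09Z,windows ereignisprotokoll,node-b.example.test,4624\n"
    "2024-01-01T10:00:12Z,linux syslog,node-a.example.test,0\n"
)

def check_export(data: bytes, expected_host: str) -> dict:
    """Check that all rows match the source and host filters; hash the file."""
    text = data.decode("utf-8-sig")  # tolerate a byte-order mark
    reader = csv.DictReader(io.StringIO(text))
    missing = {"ngs.source", "gen.hostname"} - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"export lacks columns: {sorted(missing)}")
    want_host = expected_host.strip().lower()  # Windows hostnames ignore case
    other_hosts, other_sources, rows = Counter(), Counter(), 0
    for row in reader:
        rows += 1
        host = (row["gen.hostname"] or "").strip().lower()
        source = (row["ngs.source"] or "").strip().lower()
        if host != want_host:
            other_hosts[host] += 1      # e.g. a different cluster node
        if source != EXPECTED_SOURCE:
            other_sources[source] += 1  # source filter was not applied
    return {
        "rows": rows,
        "other_hosts": dict(other_hosts),
        "other_sources": dict(other_sources),
        "sha256": hashlib.sha256(data).hexdigest(),
        # An empty export is treated as a failure, not a clean result.
        "ok": rows > 0 and not other_hosts and not other_sources,
    }

if __name__ == "__main__":
    print(check_export(SAMPLE_CSV.encode(), "node-a.example.test"))
```

If "ok" is false, redo the export with the filters corrected instead of editing the file, so the hash on the ticket matches what Enginsite produced.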

Troubleshooting