NOTE: If events are not initially displayed in a newly created Incident, it is most likely because of a
lag in the time between display in the Real Time Events window and insertion into the database. If
this occurs, it might take a few minutes for the original events to finally be inserted into the database
and display in the incident.
To create an Incident:
NOTE: It is possible to create an incident that does not contain any events. Events can always be
added to Incidents.
1 In a Real Time Event Table of the Visual Navigator or a Snapshot Real Time Event Table,
select an event or a group of events and right-click and select Create Incident.
Creating Incident
Figure 14-2
2 In the Incident Window are the following tabs:
Events: Shows which events make up the incident
Assets: Show affected assets
Vulnerability: Show related asset vulnerabilities
Advisor: Shows the attack information
iTRAC: Under this tab, you can assign an iTRAC Process
History: Incident history
Attachments: You can attach any document or text file with pertinent information to this
incident
Notes: You can specify any general notes you want to refer regarding this incident.
3 In the Create Incident dialog box, provide:
Title
State
Severity
Priority
4 Click Create. The incident is added under the Incidents tab of the Sentinel Control Center.
Category
Responsible
Description
Resolution
Quick Start 311