Creating Incidents - Novell SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009 User Manual


If you want to see how often in general this user is attempting to Telnet, remove DestinationIP,
SensorType, and Severity from your filter or create a new filter. The results show all the
destination IPs this user is attempting to Telnet to.
If any of your events are correlated events, you can right-click and select View Trigger Events to find which
events triggered that correlated event.
NOTE: Correlated events have the SensorType column populated with a C.

13.2 Creating Incidents

Creating an incident is useful for grouping a set of events together as a whole that represents something
of interest (a group of similar events, or a set of different events that indicate a pattern of interest, such
as an attack).
If events are not initially displayed in a newly created incident, it is probably because of a lag in the
time between display in the Real Time Events window and insertion into the database. If this occurs,
it might take a few minutes for the original events to finally be inserted into the database and display
in the incident.
NOTE: It is possible to create an incident that does not contain any events. Events can always be
added to incidents.
1 In a Real Time Event Table of the Visual Navigator or a Snapshot Real Time Event Table,
right-click an event or a group of events and select Create Incident.
The Incident window contains the following tabs:
Events: Shows which events make up the incident.
Assets: Shows affected assets.
Vulnerability: Shows related asset vulnerabilities.
Advisor: Asset attack and alert information.
iTRAC: Use this tab to assign an iTRAC™ process.
History: Incident history.
Attachments: Use this tab to attach any document or text file with pertinent information
to this incident.
Notes: Specify any general notes regarding this incident.
