Novell SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009 User Manual page 56

Figure 3-3
If there are more than 750 events per 30-second time period, a red separation line displays
indicating that there are more events than are displayed. The other events can be viewed
by using Historical Queries.
Figure 3-4
On saving user preferences, the system continues to collect data for four days. For
instance, if you save your preferences, log out, and log back in the following day, your
Active View displays data as if you never logged off.
If an Active View is created and not saved, it continues to collect data for an hour. If an
identical Active View is created within that hour, the Active View displays data for the last
hour.
Snapshot: Time-stamped views of a Real Time Event View table.
Active View provides you the following unique features:
Filter assigned to an Active View
The z-axis attribute
The security filter assigned to a user
The Active Views tab allows you to:
Reconfigure total display time
Add events to an incident
Close a Snapshot or Navigator window
Create an incident
Custom menu options with events
Investigate an event query
Investigate a graph map
View Advisor data
Manage columnsSend messages about events by e-mail
Show or hide event details
Take a Snapshot of a Navigator window
View events that triggered a correlated event
View vulnerability visualization
View asset data
Integrate with the ticketing system
56 Sentinel 6.1 Rapid Deployment User Guide
Gray Line Smallest Possible Display Interval
Red Line More Events Displayed