Active Views Tab; Understanding Active Views - Novell SENTINEL 6.1 SP2 - 02-2010 User Manual

2 Active Views Tab

Section 2.1, "Understanding Active Views"
Section 2.2, "Introduction to the User Interface"
Section 2.3, "Reconfiguring Total Display Time"
Section 2.4, "Viewing Real Time Events"
Section 2.5, "Showing and Hiding Event Details"
Section 2.6, "Sending Mail Messages about Events and Incidents"
Section 2.7, "Creating Incidents"
Section 2.8, "Viewing Events that Triggered Correlated Events"
Section 2.9, "Investigating an Event or Events"
Section 2.10, "Viewing Advisor Data"
Section 2.11, "Viewing Asset Data"
Section 2.12, "Viewing Vulnerabilities"
Section 2.13, "Ticketing System Integration"
Section 2.14, "Viewing User Information"
Section 2.15, "Using Custom Menu Options with Events"
Section 2.16, "Managing Columns in a Snapshot or Navigator Window"
Section 2.17, "Taking a Snapshot of a Navigator Window"
Section 2.18, "Sorting Columns in a Snapshot"
Section 2.19, "Closing a Snapshot or Navigator"
Section 2.20, "Adding Events to an Incident"

2.1 Understanding Active Views

The Active Views tab presents events in near real time. In the Active Views tab, you can:
View events occurring in near real time
Investigate events
Graph events
Perform historical statistical analysis
Invoke right-click functions
Initiate manual incidents and remediation workflows

An event represents a normalized log record reported to Sentinel from a third-party security, network, or application device or from an internal Sentinel source. There are several types of events:
External Events (events received from a security device), such as:
An attack detected by an Intrusion Detection System (IDS)