Active Views; Incidents; Itrac - Novell SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009 User Manual


Section 2.2.4, "Analysis," on page 44
Section 2.2.5, "Admin," on page 44
Section 2.2.6, "Correlation," on page 44
Section 2.2.7, "Event Source Management," on page 44
Section 2.2.8, "Solution Packs," on page 45
Section 2.2.9, "Identity Integration," on page 45

2.2.1 Active Views

The Active Views tab presents events in near-real time.
In the Active Views tab, you can:
View events occurring in near-real time
Investigate events
Graph events
Perform historical queries to collect data for a specified period
Invoke right-click functions
Initiate manual incidents and remediation workflows

2.2.2 Incidents

An incident is a set of events that require attention (for example, a possible attack). Incidents
centralize the data and are typically made up of a correlated event, the associated events that
triggered a correlation rule, asset details of the affected systems, vulnerability state of the affected
systems, and any remediation information, if known. Incidents can be associated with a remediation
workflow in iTRAC™, if specified. An incident associated with an iTRAC workflow allows users to
track the remediation state of the incident.
In the Incidents tab, you can:
Manage incident views
View and manage incidents and their associated data
Switch between existing incident views

2.2.3 iTRAC

The iTRAC stateful incident remediation workflow capability allows you to incorporate your
organization's incident response processes into Sentinel.
In the iTRAC tab, you can:
Create custom workflow templates
Edit workflow templates
Create custom activities
Edit activities
