Active Views Tab; Understanding Active Views - Novell SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009 User Manual

3 Active Views Tab

The Active Views tab presents events in near-real time.
Section 3.1, "Understanding Active Views"
Section 3.2, "Introduction to the User Interface"
Section 3.3, "Reconfiguring Total Display Time"
Section 3.4, "Viewing Real-Time Events"
Section 3.5, "Showing and Hiding Event Details"
Section 3.6, "Sending Mail Messages about Events and Incidents"
Section 3.7, "Creating Incidents"
Section 3.8, "Viewing Events That Trigger Correlated Events"
Section 3.9, "Investigating an Event or Events"
Section 3.10, "Viewing Advisor Data"
Section 3.11, "Viewing Asset Data"
Section 3.12, "Viewing Vulnerabilities"
Section 3.13, "Ticketing System Integration"
Section 3.14, "Viewing User Information"
Section 3.15, "Using Custom Menu Options with Events"
Section 3.16, "Managing Columns in a Snapshot or Navigator Window"
Section 3.17, "Taking a Snapshot of a Navigator Window"
Section 3.18, "Sorting Columns in a Snapshot"
Section 3.19, "Closing a Snapshot or Navigator"
Section 3.20, "Adding Events to an Incident"

3.1 Understanding Active Views

In the Active Views tab, you can:
View events occurring in near-real time
Investigate events
Graph events
Perform historical statistical analysis
Invoke right-click functions
Initiate manual incidents and remediation workflows
An event represents a normalized log record reported to Sentinel from a third-party security, network, or application device or from an internal Sentinel source. There are several types of events:
External events (event received from a security device), such as:
An attack detected by an intrusion detection system