Step 4
Step 5
Step 6
Closing Offenses
Step 1
Step 2
Step 3
Step 4
Table 5-36 Details Panel (continued)
Parameter
Description
Network Location
Specifies the network location that the event occurred.
Layer
Specifies the layer in which the network anomaly offense was
generated.
Event Number
Specifies the number for the event. This number increments for
each event.
Note: If, while an event is occurring, another event occurs for
another object in the sentry, the event number does not
increment.
Response Number Specifies the number of alerts received for the sentry. This
number increments until the configured maximum is reached. If
no maximum is configured, the number continues to increment.
Response
Specifies the value that must be exceeded before the network
anomaly offense generates.
At Time of Alert
Click the graph to view information in the Network Surveillance
interface.
Now
Click the graph to view information in the Network Surveillance
interface.
Click Show Flows to view more information on the event.
The results window appears. For more information viewing flows, see
Using the Flow
Viewer.
Click Save Report to save the offense in a report form.
Click Email Report to e-mail the offense report to a specific user.
Closing a network anomaly offense removes the information from the database.
You can close a single or all network anomaly offenses. This section includes:
•
Closing a Network Anomaly Offense
Closing All Offenses
•
Closing a Network Anomaly Offense
To close a network anomaly offense:
Click the Offense Manager tab.
The Offense Manager appears.
In the navigation menu, click Network Anomalies.
Select the offense you wish to close.
Note: To select more than one offense, press the CTRL key while you select other
events.
Click
Close.
STRM Users Guide
Managing Network Anomalies
Chapter 7
129