Chapter 8 Monitoring; About Incident And Event Data - Symantec 10521146 - Network Security 7120 Administration Manual


Chapter 8
Monitoring

This chapter includes the following topics:

About incident and event data
Examining incident and event data
Managing incident and event data
Tuning incident parameters
Monitoring flow statistics

About incident and event data

The Network Security console provides a central point from which you can
monitor all attack activity in any network location defined in the topology tree.
The Network Security console displays detailed information about incidents and
events, which are the elements of a possible attack.

In the Network Security console, the Incidents tab displays both active and idle
incidents and events taking place in the monitored network, and you can drill
down through multiple levels of detail. Incidents to which no new events have
been added for a given amount of time are considered idle, so Symantec Network
Security closes them. The State column of the Incidents table shows the
condition of each incident. The incident idle time is a configurable parameter.

An incident is a set of related events. An event is a significant security
occurrence that appears to exploit a vulnerability of the system or application.
When a sensor detects a suspicious event, it sends the data to be analyzed. The
analysis process correlates the event with similar or related events and groups
them into an incident. The incident is named after the event with the highest
priority and is displayed in the Network Security console.
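The incident lifecycle described above, modeled as an added example; it is not Symantec's code or its correlation algorithm. The correlation key (same source and destination), the numeric priorities, the 600-second idle time, and the rule that an event arriving after the idle time starts a new incident are all assumptions, and the sample events are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Event:
    time: int       # seconds, constructed timeline
    name: str
    priority: int   # assumption: larger number = higher priority
    src: str
    dst: str

@dataclass
class Incident:
    events: list = field(default_factory=list)
    state: str = "active"

    @property
    def name(self):
        # The incident takes the name of its highest-priority event.
        return max(self.events, key=lambda e: e.priority).name

def correlate(events, now, idle_seconds=600):
    """Group events into incidents; idle_seconds stands in for the configurable idle time."""
    incidents, current = [], {}
    for ev in sorted(events, key=lambda e: e.time):
        key = (ev.src, ev.dst)  # assumed correlation rule: same source and target
        inc = current.get(key)
        # Assumption: an event arriving after the idle time starts a new incident
        # rather than reopening the one that has already gone idle.
        if inc is None or ev.time - inc.events[-1].time > idle_seconds:
            inc = current[key] = Incident()
            incidents.append(inc)
        inc.events.append(ev)
    for inc in incidents:
        if now - inc.events[-1].time > idle_seconds:
            inc.state = "idle"  # no new events within the idle time
    return incidents

# Constructed sample events (names and addresses are illustrative only).
SAMPLE = [
    Event(0, "Port scan", 2, "10.0.0.5", "10.0.0.9"),
    Event(30, "FTP overflow attempt", 5, "10.0.0.5", "10.0.0.9"),
    Event(60, "Port scan", 2, "10.0.0.7", "10.0.0.9"),
    Event(2000, "Telnet login failure", 3, "10.0.0.5", "10.0.0.9"),
]

if __name__ == "__main__":
    for inc in correlate(SAMPLE, now=2100):
        print(f"{inc.state:6} {inc.name:22} events={len(inc.events)}")
```

Raising `idle_seconds` merges the late event into the first incident, which shows how the idle-time setting changes the number of incidents an analyst sees for the same traffic.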
