Examining incident data
real-time analysis and correlation in this way, Symantec Network Security
provides information about all incidents and events that occur in your network.
You can control the way this information is displayed by setting font size,
choosing the data to display, filtering the view, and sorting it. You can mark
what you have read and add notes. The display is described in the following
sections:
Examining incident data
■
Examining event data
■
You can view incident and event data at several different levels.
Viewing top-level incident data
■
Viewing incident details
■
Viewing an incident's top event
■
Loading cross-node correlated events
■
Viewing top-level incident data
The Incidents tab contains an upper and lower pane: Incidents, and Events at
Selected Incident. In the upper pane, information about each incident is
displayed. This information is taken from the highest-priority event within that
incident. Therefore, the values may change if an event of higher priority is added
to the same incident.
To view incident data
◆
In the Network Security console, click the Incidents tab.
Note: All users can view top-level incident data. See
page 319 for more about permissions.
Viewing incident details
You can drill down to view detailed information about a specific incident, such
as the unique incident identification number, or the CVE reference number, by
double-clicking the incident row in the Incidents tab.
The detail information is derived from the highest priority event within that
incident. The values may change, therefore, if an event of higher priority is
added to the incident. If the incident includes multiple events with the highest
Monitoring
Examining incident and event data
"User groups reference"
193
on