194 Monitoring
Examining incident and event data
priority level, then the event most recently correlated to the incident is
displayed.
Note: SuperUsers and Administrators can drill down to view incident details. See "User groups reference" on page 319 for more about permissions.

To view incident details

1 On the Incidents tab, in the upper Incidents pane, right-click any incident row.

2 Click View Incident Details from the pop-up list.
Incident Details displays the following information:

■ Event name
Indicates the name of the event.

■ Severity level
Indicates the severity level assigned to the incident. An incident's severity is a measure of the potential damage that an incident can cause.

■ Confidence level
Indicates the confidence level assigned to the incident. The confidence value indicates the level of certainty that a particular incident is actually an attack. If the incident is merely suspicious, then its assigned confidence level is low. If Symantec Network Security collects more data on the incident to substantiate its confidence, the confidence is adjusted upward.

■ End time
Indicates the time at which Symantec Network Security stopped monitoring the incident. See "Setting Incident Idle Time" on page 213.

■ Node where incident was detected
Indicates the name of the software or appliance node on which the top event for this incident was detected.

■ Source IP address and port
Indicates the IP address and port of the node on which the top event for this incident was detected.

■ Destination IP address and port
Indicates the IP address and port of the node on which the top event for this incident was detected.

3 Click OK to exit Incident Details.

From Incident Details, you can also do the following: