Examining Event Data - Symantec 10521146 - Network Security 7120 Administration Manual

Administration guide

196 Monitoring
Examining incident and event data

Event name: Indicates the name of the event.
Detected At: Indicates summary information about the event such as the name of the software or appliance node on which the event was detected, interface, current policy, and MAC addresses.
Response Taken: Indicates the response rule triggered by this incident.
Attack Details: Provides detailed information about the event.
Event Message: Indicates summary information about the event.
Sources and Destinations: Indicates source and destination IP addresses and ports of the packet that triggered the event.
Event Note: Displays the optional note entered when the current policy was created, if any. See "Annotating an event type in a policy" on page 127.

4 Click Close to close top Event Details.

From Event Details, you can do the following:
- Annotating incident data
- Copying an incident's top event

Loading cross-node correlated events

If the selected incident is correlated to an incident from another software or appliance node (as denoted in the Other Node # column), then each tab of Incident details will contain one sub-incident of the cross-node incident, and the tab will carry the name of the node that detected that sub-incident.

To load events

Click Load Events to load the events for the currently selected sub-incident. Load Events will be disabled if the currently selected sub-incident's events are already loaded.

Note: SuperUsers and Administrators can drill down to view cross-node events. See "User groups reference" on page 319 for more about permissions.

Examining event data

This section includes the following:
- Viewing top-level event data
