198 Monitoring
Examining incident and event data
Note: SuperUsers can view advanced event details and packet contents; Administrators, StandardUsers, and RestrictedUsers cannot. See "User groups reference" on page 319 for more about permissions.

To view event details

1. In the Network Security console, click the Incidents tab, and select an Incident.
2. In Events at Selected Incident, right-click an event row.
3. Click View Event Details from the pop-up list.
   Event Details can display any or all of the following information:
   ■ Event name: Indicates the name of the event type.
   ■ Severity level: Indicates the severity level assigned to the incident. An incident's severity is a measure of the potential damage that an incident can cause.
   ■ Confidence level: Indicates the confidence level assigned to the incident. The confidence value indicates the level of certainty that a particular incident is actually an attack. If the incident is merely suspicious, then its assigned confidence level is low. If Symantec Network Security collects more data on the incident to substantiate its confidence, the confidence is adjusted upward.
   ■ Start time: Indicates the time at which Symantec Network Security started monitoring the event.
   ■ Detected At: Indicates summary information about the event such as the name of the software or appliance node on which the event was detected, interface, current policy, and MAC addresses.
   ■ Attack Details: Provides detailed information about the event.
   ■ Event Message: Indicates summary information about the event.
   ■ Sources and Destinations: Indicates source and destination IP addresses and ports of the packet that triggered the event.
   ■ Event Note: Displays the optional note entered when the current policy was created, if any. See "Annotating an event type in a policy" on page 127.
4. Click Close to close Event Details.