In the tab, you can:
View events occurring in near-real time
Investigate events
Graph events
Perform historical statistical analysis
Invoke right-click functions
Initiate manual incidents and remediation workflows
An event represents a normalized log record reported to Sentinel from a third-party security, network, or application device or from an internal Sentinel source. There are several types of events:
External events (an event received from a security device), such as:
An attack detected by an intrusion detection system
A successful login reported by an operating system
A customer-defined situation such as a user accessing a file
Internal events (an event generated by Sentinel), including:
A correlation rule being disabled
The database filling up
Correlated events
You can monitor the events in a tabular form or you can use several different types of charts to perform queries for recent events. Access to these features can be enabled or disabled for each user.