The following Top 10 reports are available in Sentinel 6:
Top 10 Correlation Rules Triggered
Top 10 Destination Host Names
Top 10 Destination IP Addresses
Top 10 Destination Port Numbers
Top 10 Destination User Names
Top 10 Destination Event Names
Top 10 Destination Source Host Names
Top 10 Destination Source IP Addresses
Top 10 Destination Source to Destination IP Pairs
Top 10 Destination Source User Names
Top 10 Virus Names
Event Count by Top 10 Assets
Event Count by Top 10 Departments
Event Count by Top 10 Taxonomy Level
Incidents by Top 10 Assets
Incidents by Top 10 Users
The Top 10 reports are enabled by default, and the following summaries are turned on to enable the Top 10 reports:
EventDestSummary
EventSevSummary
EventSrcSummary
If Top 10 reports are not needed, you can disable these summaries, or you can enable additional summaries in order to use them for reporting. If the summary service is not in use, you may disable it.
To enable/disable Aggregation:
In Sentinel Control Center, go to Admin > Servers View.
Right-click DAS Aggregation and select Start/Stop to enable/disable Aggregation.
To enable/disable summaries:
In Sentinel Control Center, go to Admin > Reporting Data.
Highlight the Summary to enable/disable and click on the status (Active/Inactive) of that summary.
Select Yes to confirm that you want to change the status of the summary.
To enable or disable EventFileRedirectService:
On your DAS machine, use a text editor to open:
For UNIX:
$ESEC_HOME/config/das_binary.xml
For Windows:
%ESEC_HOME%\config\das_binary.xml
For EventFileRedirectService, change the status to on or off, as appropriate. For example:
<property name="status">off</property>
Log in to the Sentinel Control Center as the Sentinel Administrator.
Go to Admin > Servers View.
Right-click DAS_Binary and choose Restart.