Understanding an Incident

In Sentinel, a set of events (events that require attention, for example, a possible attack) grouped together form an Incident. An Incident in 'open' state alerts you to investigate and close the events that resulted in the incident.

Incidents can be created:

In the Incidents Tab, you can:

NOTE: You need to have appropriate permissions to access this tab. Only an Administrator has controls to enable/disable access to the features of Incidents for a user.