The Active Views tab presents events in near real time. In the Active Views tab, you can:
- View events occurring in near real time
- Investigate events
- Graph events
- Perform Historical Statistical Analysis
- Invoke right-click functions
- Initiate manual incidents and remediation workflows

An event represents a normalized log record reported to Sentinel from a third-party security, network, or application device or from an internal Sentinel source. There are several types of events:

- External Events (events received from a security device), such as:
  - An attack detected by an Intrusion Detection System (IDS)
  - A successful login reported by an operating system
  - A customer-defined situation such as a user accessing a file
- Internal Events (events generated by Sentinel), including:
  - A correlation rule being disabled
  - Database filling up

You can monitor events in tabular form or by using several different types of charts, and you can perform queries for recent events.

NOTE: Access to these features can be enabled or disabled for each user. For more information, see Sentinel Database Users, Roles, and Access Permissions in the Sentinel 6.1 Reference Guide.