In the tab, you can:
View events occurring in near-real time
Investigate events
Graph events
Perform historical statistical analysis
Invoke right-click functions
Initiate manual incidents and remediation workflows
An event represents a normalized log record reported to Sentinel from a third-party security, network, or application device or from an internal Sentinel source. There are several types of events:
External events (events received from a security device), such as:
An attack detected by an intrusion detection system
A successful login reported by an operating system
A customer-defined situation such as a user accessing a file
Internal events (events generated by Sentinel), including:
A correlation rule being disabled
The database filling up
Correlated events
You can monitor the events in a tabular form or you can use several different types of charts to perform queries for recent events. Access to these features can be enabled or disabled for each user.