![Symantec 10268947 - Network Security 7160 User Manual Download Page 99](http://html1.mh-extra.com/html/symantec/10268947-network-security-7160/10268947-network-security-7160_user-manual_1418779099.webp)
99
Incidents and Events
Monitoring events
6
In
Node List
, do one of the following:
■
In
Show Incidents from Node #
, click
1
from the pull-down list to show
only incidents from the selected software or appliance node, or
All
(except standby)
to view incidents from all the software or appliance
nodes within the topology excluding standby nodes.
■
Click
Include Backup Nodes
to preserve incidents during a failover
scenario.
7
In
Incident Hours
, do one of the following:
■
In
Maximum Incident Hours to Display
, enter a value to limit the total
number of hours.
■
In
Maximum Incidents Within Incident Hours
, enter a value to limit
the total number of incidents within the hour limit.
8
Click
Apply
to save and exit.
See the following for related information:
■
See
“Marking incidents as viewed”
on page 95.
Monitoring events
An incident is a possible attack composed of multiple related events. When the
sensor detects a suspicious event, it correlates the event to an incident
containing related events. Event types are group names for one or more base
events. Incidents consist of one or more event types, and event types consist of
one or more base events. The Network Security console displays event data in
the lower pane below the Incident table.
With any account, you can annotate events and mark incidents to improve
incident tracking, management, assignment, and response to enterprise threats.
Viewing event data
The Incidents tab contains an upper and lower pane:
Incidents
, and
Events at
Selected Incident
. In the upper pane, information about each incident is
displayed. View the event data that is specific to a particular incident by clicking
the respective incident row. The related event information is then displayed in
the lower pane.
To view event data
1
In the
Incidents
tab, click an incident row.
2
Related events are displayed in the lower
Events at Selected Incident
pane.
Summary of Contents for 10268947 - Network Security 7160
Page 1: ...Symantec Network Security User Guide...
Page 18: ...18 Introduction Finding information...
Page 34: ...34 Architecture About management and detection architecture...
Page 46: ...46 Getting Started About deploying node clusters...
Page 64: ...64 Topology Database Viewing objects in the topology tree...
Page 124: ...124 Log Files About log files...
Page 134: ...134 Index...