Symantec 10268947 User Guide - Page 101

Incidents and Events 101 Monitoring events ■ Confidence Indicates the confidence level assigned to the event. An event's confidence is a measure of the level of certainty that it is actually part of an attack. If the event is merely suspicious, then it is assigned a lower confidence level. If Symantec Network Security collects more data on the event to substantiate its confidence, the confidence is adjusted upward. ■ Event Indicates the order in which the event was added to the incident. Number ■ Device Name Indicates the name of the device where the event was detected. ■ Interface Indicates the name of the interface group where the event was Group detected. ■ Location Indicates the location of the device where the event was detected. ■ VLAN ID Indicates the identification of the VLAN where the event was detected. ■ Blocked Indicates whether the event was blocked or not. You can block events only with a 7100 Series appliance node. Note: Both StandardUsers and RestrictedUsers can modify the display of event information by selecting which columns to display, sorting columns, and applying view filters. Filtering the view of events You can filter the event data that is displayed by using the Event Filter. To filter the view of events 1 On the Incidents tab, in the Events at Selected Incident pane, click Filters. 2 In Event Class, do one of the following; ■ Click Hide Operational to show only those events classified as sensor events. ■ Click Hide Sensor to show only events associated with notices. ■ Click Show Both to show all events relating to the selected incident. 3 In Maximum Events to Display, enter a value. The default is 100 events per incident. 4 Click Apply to save and exit.