Symantec 10268947 User Guide - Page 104

104 Incidents and Events Managing the incident/event data Loading cross-node correlated events If the selected incident is correlated to an incident from another software or appliance node (as denoted in the Other Node # column), then each tab of Incident details will contain one sub-incident of the cross-node incident, and the tab will carry the name of the node that detected that sub-incident. To load events ◆ Click Load Events to load the events for the currently selected sub-incident. Load Events will be disabled if the currently selected sub-incident's events are already loaded. Saving, printing, or emailing incidents All users can view details, save, print, or email incident data, or send it to the clipboard for pasting, together with its associated events, from the Network Security console. You can display the options by double-clicking an incident row and choosing from the menu items on the Incident Details, or by right-clicking an incident row, and choosing from the menu items displayed. Viewing incident details Symantec Network Security provides a deeper level of information about each incident from the Incidents tab. To view incident details 1 In the Network Security console, click the Incident tab. 2 In Incidents, double-click any incident row. 3 In Incident Details, click Top Event to view the highest priority event correlated to that incident. Incident Details can display the following information: ■ Event Mapped Type The event type to which the base event is mapped. ■ Base Event Type The base event mapped to the incident's highest priority event. ■ Incident ID Unique incident identifier assigned to the incident by Network Security. ■ Network Security The name of the Network Security software node on which software node the incident was detected.