Symantec 10268947 User Guide - Page 105

Incidents and Events 105 Managing the incident/event data ■ Customer ID This is the customer ID entered in the topology for the interface where the event was detected. ■ End Time The time at which Network Security stopped monitoring the event. ■ CVE Number The CVE (Common Vulnerabilities and Exposures) number, if any. CVE numbers are a list of standardized names for vulnerabilities and other information security exposures compiled by the MITRE Corporation. For a complete list of CVE numbers, see http://cve.mitre.org. ■ Priority The priority level assigned to the incident by the Analysis Framework. The priority level is a function of the severity and reliability levels. ■ Severity The severity level Network Security assigned to the incident. An incident's severity is a measure of the potential damage that an incident can cause. Severity levels range from 0 to 255, with 255 as the most severe. ■ Reliability The reliability level Network Security assigned to the incident. The reliability value indicates the level of certainty that a particular incident is actually an attack. If the incident is merely suspicious, then its assigned reliability level is low. If Network Security collects more data on the incident to substantiate its reliability, the reliability is adjusted upward. Reliability levels range from 0 to 255, with 255 as the most reliable. ■ Attack Source(s) The IP address of the packet that triggered the event. Click the address to view related host name or flow statistics. ■ Attack Destination(s) The IP address of the event's target. Click the address to view related host name or flow statistics. Note: StandardUsers can view detailed information about each incident; RestrictedUsers cannot. Saving incident data All users can save detailed information about each incident on the Network Security console Incidents tab. To save incident data 1 In the Network Security console, click the Incidents tab.