Symantec 10268947 User Guide - Page 91
Incidents and Events, About incidents and events
UPC - 037648243766
Page 91 highlights
Chapter 8: Incidents and Events

This chapter includes the following topics:

■ About incidents and events
■ Monitoring incidents
■ Monitoring events
■ Managing the incident/event data

About incidents and events

The Network Security console provides a central point from which you can monitor all attack activity in any network location defined in the topology tree. The console displays detailed information about incidents and events, which are the elements of a possible attack.

In the Network Security console, the Incidents tab displays both active and idle incidents and events taking place in the monitored network, and lets you drill down through multiple levels of detail. Incidents to which no new events have been added for a given amount of time are considered idle, so Symantec Network Security closes them. The condition of an incident can be viewed in the State column of the Incidents table. The incident idle time is a configurable parameter.

An incident is a set of related events. An event is a significant security occurrence that appears to exploit a vulnerability of the system or application. When a sensor detects a suspicious event, it sends the data to be analyzed. The analysis process correlates the event with similar or related events and categorizes them as an incident. The incident is named after its highest-priority event and is displayed in the Network Security console.
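The incident lifecycle described above can be modelled in a few lines. This is an added illustration, not Symantec code: the relatedness rule (same source and destination), the 600-second idle time, the state strings, the priority scale (larger is higher) and all sample events are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

IDLE_SECONDS = 600  # assumed value; the guide only says the idle time is configurable

@dataclass
class Event:
    time: int      # seconds since start of monitoring (constructed)
    src: str
    dst: str
    name: str
    priority: int  # assumption: larger number = higher priority

@dataclass
class Incident:
    events: list = field(default_factory=list)
    state: str = "active"  # assumed labels for the State column

    @property
    def name(self):
        # An incident is named after its highest-priority event.
        return max(self.events, key=lambda e: e.priority).name

    @property
    def last_seen(self):
        return self.events[-1].time

def correlate(events, now, idle=IDLE_SECONDS):
    """Group related events into incidents and mark idle ones as of `now`."""
    incidents, open_by_key = [], {}
    for ev in sorted(events, key=lambda e: e.time):
        key = (ev.src, ev.dst)  # assumed rule for "similar or related"
        inc = open_by_key.get(key)
        # An incident with no new events within the idle window is closed,
        # so a later related event starts a new incident.
        if inc is None or ev.time - inc.last_seen > idle:
            inc = Incident()
            incidents.append(inc)
            open_by_key[key] = inc
        inc.events.append(ev)
    for inc in incidents:
        inc.state = "idle" if now - inc.last_seen > idle else "active"
    return incidents

# Constructed sample events (documentation address ranges).
SAMPLE = [
    Event(0, "192.0.2.10", "198.51.100.5", "Port scan", 2),
    Event(120, "192.0.2.10", "198.51.100.5", "Overflow attempt", 5),
    Event(300, "192.0.2.10", "198.51.100.5", "Login failure", 3),
    Event(1900, "192.0.2.77", "198.51.100.9", "Login failure", 3),
    Event(2000, "192.0.2.10", "198.51.100.5", "Port scan", 2),
]
```

Calling `correlate(SAMPLE, now=2100)` yields three incidents: the first three events form one incident that has gone idle, while the later port scan from the same source opens a new active incident instead of reviving the old one.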