Symantec 10268947 User Guide - Page 96

96 Incidents and Events Monitoring incidents Note: If an incident changes after it was marked, such as a new event being added to it, the red hash mark changes to a red circle to flag you. Monitoring incidents An incident is a set of events that are related. An event is a significant security occurrence that appears to exploit a vulnerability of the system or application. When a sensor detects a suspicious event, it sends the data to be analyzed. The analysis process correlates the event with similar or related events, and categorizes them in the form of an incident. The incident is named after the event with the highest priority, and reported in the form of incidents that are displayed in the Network Security console. Viewing incident data The Incidents tab contains an upper and lower pane: Incidents, and Events at Selected Incident. In the upper pane, information about each incident is displayed. This information is taken from the highest-priority event within that incident. Therefore, the values may change if an event of higher priority is added to the same incident. To view incident data ◆ In the Network Security console, click the Incidents tab. Selecting incident columns Not all incidents contain data in every category, so you may want to remove empty columns or add others to customize the display. All users can modify the display of incident data by selecting columns. To customize the incident columns 1 On the Incidents tab, in the upper Incidents pane, click Columns. 2 In Table Column Chooser, do one of the following: ■ Click Select All to display all columns. ■ Click the individual columns that you want to view. 3 Click OK to save and close.