Symantec 10268947 User Guide - Page 97

Incidents and Events 97 Monitoring incidents The Incidents tab can display the following incident data: ■ Last Mod. Indicates the date and time when Symantec Network Security Time last modified the incident record. ■ Name Indicates the user group of the current user. ■ Severity Indicates the severity level assigned to the incident. An incident's severity is a measure of the potential damage that it can cause. ■ Source Indicates the IP address of the attack source. If the source is made up of multiple addresses, then the Network Security console displays (multiple IPs) and you can view the list of addresses by double-clicking the event to see Event Details. ■ Destination Indicates the IP address of the attack target. If the destination is made up of multiple addresses, then the Network Security console displays (multiple IPs) and you can view the list of addresses by double-clicking the event to see Event Details. ■ Event Count Indicates the total number of events associated with this incident that have been logged to the database. ■ Device Name Indicates the name of the device where the incident was detected. ■ Location Indicates the location of the device where the incident was detected. ■ State Indicates the condition of the incident, either Active or Closed. Incidents to which no new events have been added for a given amount of time are considered idle, and Symantec Network Security closes them. ■ Marked Indicates whether you marked the incident as viewed. ■ Node # Indicates the number of the software or appliance node that detected the incident. ■ Node Name Indicates the name of the software or appliance node that detected the incident. ■ Other Node Indicates the numbers of the software or appliance node that the #'s incident was cross-node correlated to, if any. See the following related information: ■ See "About incidents and events" on page 91. ■ See "Selecting event columns" on page 100.