Symantec 10268947 User Guide - Page 98

98 Incidents and Events Monitoring incidents ■ See "Marking incidents as viewed" on page 95. Filtering the view of incidents You can filter the view of incident data to provide a shorter list to sift through, using the Incident Filter. For example, you can set the Incidents table to display only active incidents. You can choose between viewing the incidents detected by all software and appliance nodes, and viewing only those detected by a particular software or appliance node. By default, incidents from all nodes are displayed. Note: When you apply incident view filters, they apply only to the incidents, not to the events correlated to the incidents. For example, even if you select the Sensor Only filter, an operational event that is correlated to a sensor incident will still be displayed. To filter the view of incidents or events 1 In the Incidents tab, in the upper Incidents pane, click Filters. 2 Click Hide Closed Incidents to show only active incidents in the cluster. 3 In Incident Class, do one of the following: ■ Click Hide All Operational to show only those incidents classified as sensor events, and filter out all operational notice events. ■ Click Hide Sensor to show only operational events, such as Network Security console logins. ■ Click Show All Operational and Sensor to show both operational and sensor events. 4 In Marked State, do one of the following: ■ Click Hide Unmarked to show only the incidents that have been marked in the Network Security console. ■ Click Hide Marked to show only the incidents that have not been marked in the Network Security console. ■ Click Show Both to include both marked and unmarked incidents. 5 In Analyst Notes, do one of the following: ■ Click Hide Unannotated to show only incidents with annotations and incidents that contain events with annotations. ■ Click Hide Annotated to show only incidents that do not have annotations or that contain events with annotations. ■ Click Show Both to include both annotated and unannotated incidents.