Symantec 10521146 Administration Guide - Page 198
Incidents, Events at Selected Incident, View Event Details, Close, Administrators, StandardUsers
UPC - 037648268134
View all Symantec 10521146 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 198 highlights
198 Monitoring Examining incident and event data Note: SuperUsers can view advanced event details and packet contents; Administrators, StandardUsers, and RestrictedUsers cannot. See "User groups reference" on page 319 for more about permissions. To view event details 1 In the Network Security console, click the Incidents tab, and select an Incident. 2 In Events at Selected Incident, right-click an event row. 3 Click View Event Details from the pop-up list. Event Details can display any or all of the following information: ■ Event name ■ Severity level ■ Confidence level ■ Start time ■ Detected At ■ Attack Details ■ Event Message ■ Sources and Destinations ■ Event Note Indicates the name of the event type. Indicates the severity level assigned to the incident. An incident's severity is a measure of the potential damage that an incident can cause. Indicates the confidence level assigned to the incident. The confidence value indicates the level of certainty that a particular incident is actually an attack. If the incident is merely suspicious, then its assigned confidence level is low. If Symantec Network Security collects more data on the incident to substantiate its confidence, the confidence is adjusted upward. Indicates the time at which Symantec Network Security started monitoring the event. Indicates summary information about the event such as the name of the software or appliance node on which the event was detected, interface, current policy, and MAC addresses. Provides detailed information about the event. Indicates a summary information about the event. Indicates source and destination IP addresses and ports of the packet that triggered the event. Displays the optional note entered when the current policy was created, if any. See "Annotating an event type in a policy" on page 127. 4 Click Close to close Event Details.