Symantec 10521146 Administration Guide - Page 204
Events at Selected Incident, can display the following information
UPC - 037648268134
View all Symantec 10521146 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 204 highlights
204 Monitoring Managing incident and event data The Events at Selected Incident can display the following information: ■ Time Indicates the date and time when Symantec Network Security first detected and logged the event. ■ Event Type Indicates the event category of the detected event. ■ Name Indicates the user group of the current user. ■ Source Indicates the IP address of the packet that triggered the event. If the source is made up of multiple addresses, then the Network Security console displays (multiple IPs) and you can view the list of addresses by double-clicking the event to see Event Details. ■ Destination Indicates the IP address of the attack target. If the destination is made up of multiple addresses, then the Network Security console displays (multiple IPs) and you can view the list of addresses by double-clicking the event to see Event Details. ■ Severity Indicates the severity level assigned to the event. An event's severity is a measure of the potential damage that it can cause. ■ Confidence Indicates the confidence level assigned to the event. An event's confidence is a measure of the level of certainty that it is actually part of an attack. If the event is merely suspicious, then it is assigned a lower confidence level. If Symantec Network Security collects more data on the event to substantiate its confidence, the confidence is adjusted upward. ■ Event Indicates the order in which the event was added to the incident. Number ■ Device Name Indicates the name of the device where the event was detected. ■ Interface Indicates the name of the interface group where the event was Group detected. ■ Location Indicates the location of the device where the event was detected. ■ VLAN ID Indicates the identification of the VLAN where the event was detected. ■ Blocked Indicates whether the event was blocked or not. You can block events only with a 7100 Series appliance node. Note: All users can select event columns. See "User groups reference" on page 319 for more about permissions.