Symantec 10521146 Administration Guide - Page 206
Selecting event filters, Maximum Incidents Within Incident Hours
UPC - 037648268134
View all Symantec 10521146 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 206 highlights
206 Monitoring Managing incident and event data ■ Click Hide Marked to show only the incidents that have not been marked in the Network Security console. ■ Click Show Both to include both marked and unmarked incidents. 5 In Analyst Notes, do one of the following: ■ Click Hide Unannotated to show only incidents with annotations and incidents that contain events with annotations. ■ Click Hide Annotated to show only incidents that do not have annotations or that contain events with annotations. ■ Click Show Both to include both annotated and unannotated incidents. 6 In Node List, do one of the following: ■ In Show Incidents from Node #, click 1 from the pull-down list to show only incidents from the selected software or appliance node, or All (except standby) to view incidents from all the software or appliance nodes within the topology excluding standby nodes. ■ Click Include Backup Nodes to preserve incidents during a failover scenario. 7 In Incident Hours, do one of the following: ■ In Maximum Incident Hours to Display, enter a value to limit the total number of hours. ■ In Maximum Incidents Within Incident Hours, enter a value to limit the total number of incidents within the hour limit. 8 Click Apply to save and exit. Note: All users can select incident filtering criteria. See "User groups reference" on page 319 for more about permissions. Selecting event filters You can filter the event data that is displayed by using the Event Filter. To filter the view of events 1 On the Incidents tab, in the Events at Selected Incident pane, click Filters. 2 In Event Class, do one of the following; ■ Click Hide Operational to show only those events classified as sensor events. ■ Click Hide Sensor to show only events associated with notices.