Symantec 10521146 Administration Guide - Page 208
Annotating incident data, Customizing annotation templates, Incidents, Analyst Note, Add Note, Close
UPC - 037648268134
Page 208 highlights
208 Monitoring
Managing incident and event data

Annotating incident data

You can add comments to incidents and events. Each annotation receives a time stamp and lists the author of the annotation. You can sort multiple annotations for an event by time stamp in ascending or descending order.

To annotate an incident or event

1. On the Incidents tab, double-click an incident or event.
2. Click Analyst Note.
3. Enter the information relevant to this incident. The Note field can include guidelines established by the SuperUser, such as ticket number, owner, and the last action taken in response to the event.
4. Click Add Note to preserve your annotation.
5. In Analyst Note, click Close to save and close.

Note: All users can annotate incident and event data. See "User groups reference" on page 319 for more about permissions.

Customizing annotation templates

The Network Security console provides an informational template to make Analyst Notes consistent and pertinent to your enterprise. For example, the template can prompt for specific information such as identifying numbers or last actions taken.

Note: SuperUsers and Administrators can create a template for Analyst Notes. All users can use the template to annotate incident and event data. See "User groups reference" on page 319 for more about permissions.

To create an annotation template

1. In the Network Security console, click Configuration > Node > Analyst Note Template.
2. In Select Node, select the software or appliance node from the pull-down list and click OK.
3. In the Analyst Note Template, edit the file with the boilerplate information that you want to keep track of, and click OK to save and exit.