4.0 Correlating Event Data
A single event viewed in the system might not necessarily draw your attention. But when you correlate a set of similar or comparable events in a given period, you might identify a potential problem. Sentinel helps you correlate events by using the rules you create and deploy in the Correlation Engine, so you can take appropriate action to mitigate any problems.
-
Section 4.1, Overview
-
Section 4.2, Accessing the Correlation User Interface
-
Section 4.3, Understanding the Correlation Interface
-
Section 4.4, Creating Correlation Rules
-
Section 4.5, Associating Actions to a Rule
-
Section 4.6, Testing a Correlation Rule
-
Section 4.7, Sample Correlation Rules
-
Section 4.8, Deploying Rules in the Correlation Engine
-
Section 4.9, Viewing Correlation Events
-
Section 4.10, Managing Correlation Rules
-
Section 4.11, Managing the Correlation Engine