6.0 Visualizing and Analyzing Alerts

Alerts notify you of what is most important for you to look at. Alerts can relate to threats to IT resources or to performance thresholds, such as system memory being full or IT resources not responding. Correlation rules define the patterns that you are alerted to. Sentinel automatically associates the relevant events and identities with the alert to help you determine the root cause of a potential threat.

Sentinel provides a graphical and tabular representation of alerts. Visualizing alerts helps you identify and analyze potential threats against your IT resources. You can view and analyze alerts in the following panels in the Sentinel Web console:

  • Alert Views: The real-time alert views show you the alerts that are most important to look at and enable you to view and manage alert details. Charts provide a summary of alerts, and the table provides a prioritized list of all the alerts. The alert view also enables you to perform alert triage operations such as changing the state of an alert, assigning alerts to users or roles, adding information to the knowledge base, and so on. You can drill down further into each alert to view alert details such as trigger events, user identities involved, alert history, and so on. For more information about the alert view, see Section 6.1, Viewing and Triaging Alerts in Alert Views.

  • Dashboards: Alert dashboards enable you to perform powerful exploration and analysis of alerts. For example, you can find out the average time taken by owners to close alerts, the correlation rule generating the maximum number of alerts, the geographical locations from which high-severity alerts are detected, and so on. The alert dashboard enables you to create customized charts and tables for analysis. You can filter and refine the data further by selecting certain areas in the charts and by using the query and filter options. For more information about the alert dashboard, see Section 6.2, Analyzing Alert Dashboards.

This chapter provides information about the following: