2.0 Viewing Events in Real-Time

An event represents a normalized log record reported to Sentinel from a third-party security device, network or application device, or from an internal Sentinel source. There are several types of events:

  • External events (events received from a security device), such as:

    • An attack detected by an intrusion detection system (IDS)

    • A successful login reported by an operating system

    • A customer-defined situation such as a user accessing a file

  • Internal events (events generated by Sentinel), including:

    • A correlation rule being disabled

    • The database filling up

Sentinel displays events in near real-time in both graphical and tabular form. You can view and analyze events in Real-time Views in the Sentinel Web interface and in Active Views in the Sentinel Control Center. Real-time Views let you view events without having to log in to the Sentinel Control Center; to perform any event operations from there, you can launch the Search interface. In Active Views, you can view the events and also perform event operations directly in the Active Views table.