25.1 Understanding Alerts

An event is generated by an external source and represents some activity that, on its own, is not necessarily exceptional. A set of similar or comparable events within a given period, however, might indicate a potential threat. Sentinel correlates events by using correlation rules, which helps you take appropriate action to mitigate any problems. To be notified immediately about such potential threats, you can configure correlation rules to create alerts.

Alerts notify you about potential threats against an IT resource. In addition to potential threats, alerts can also indicate that a performance threshold has been crossed, such as system memory being full or an IT resource not responding. Alerts help you analyze the underlying events and identities to determine the root cause of a potential threat.

Alerts provide high-level details about the events that triggered them, so that you can quickly drill down to the event details and determine whether the alert represents a potential threat or a false positive. If the alert appears to be a potential threat, you can optionally escalate it to an incident. You can attach multiple events, host information, vulnerabilities, and even arbitrary attachments to an incident to help analysts investigate it further.
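The following is an added example illustrating the correlation idea described above (a burst of similar events within a time window raises one alert that carries the triggering events for drill-down). It is not Sentinel's own rule syntax or code: the rule class, the event and alert fields, the rule ID "R-AUTH-BURST", and the sample events are all constructed for this illustration.

```python
# Added example (not Sentinel's own rule syntax or code): a sliding-window
# correlation rule that turns a burst of similar events into one alert.
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class Event:
    ts: int            # epoch seconds
    name: str          # event type, e.g. "AuthFailure"
    fields: dict       # parsed fields such as src_ip and user


@dataclass
class Alert:
    rule_id: str
    key: str           # value of the field the rule grouped on
    first_ts: int
    last_ts: int
    count: int
    events: list = field(default_factory=list)  # attached for drill-down


class ThresholdRule:
    """Fire once `threshold` events named `event_name` share the same
    `group_by` field value within any `window`-second span.

    Events must be fed in timestamp order (correlate() sorts them).
    """

    def __init__(self, rule_id, event_name, group_by, threshold, window):
        self.rule_id = rule_id
        self.event_name = event_name
        self.group_by = group_by
        self.threshold = threshold
        self.window = window
        self._buckets = defaultdict(deque)   # group value -> recent events

    def feed(self, ev):
        """Return an Alert if this event completes a burst, else None."""
        if ev.name != self.event_name or self.group_by not in ev.fields:
            return None
        key = ev.fields[self.group_by]
        bucket = self._buckets[key]
        bucket.append(ev)
        # Drop events that fell out of the window relative to this event.
        while bucket and ev.ts - bucket[0].ts > self.window:
            bucket.popleft()
        if len(bucket) < self.threshold:
            return None
        alert = Alert(self.rule_id, key, bucket[0].ts, ev.ts,
                      len(bucket), list(bucket))
        bucket.clear()   # one alert per burst; start counting afresh
        return alert


def correlate(events, rules):
    """Run every rule over the time-ordered events and collect alerts."""
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        for rule in rules:
            alert = rule.feed(ev)
            if alert:
                alerts.append(alert)
    return alerts


# Constructed sample events, not real log data.
SAMPLE_EVENTS = [
    Event(1000, "AuthFailure", {"src_ip": "10.0.0.9", "user": "alice"}),
    Event(1005, "AuthFailure", {"src_ip": "10.0.0.5", "user": "bob"}),
    Event(1010, "AuthFailure", {"src_ip": "10.0.0.5", "user": "bob"}),
    Event(1020, "AuthFailure", {"src_ip": "10.0.0.5", "user": "root"}),
    Event(1030, "AuthSuccess", {"src_ip": "10.0.0.7", "user": "carol"}),  # ignored by the rule
    Event(1040, "AuthFailure", {"src_ip": "10.0.0.5", "user": "admin"}),
    Event(1055, "AuthFailure", {"src_ip": "10.0.0.5", "user": "bob"}),    # fifth failure in 50 s
    Event(1400, "AuthFailure", {"src_ip": "10.0.0.9", "user": "alice"}),
    Event(1800, "AuthFailure", {"src_ip": "10.0.0.9", "user": "alice"}),  # 3 spread over 800 s: no alert
]


def run_sample():
    """Five AuthFailure events from one source IP within 60 s raise an alert."""
    rule = ThresholdRule("R-AUTH-BURST", "AuthFailure", "src_ip",
                         threshold=5, window=60)
    return correlate(SAMPLE_EVENTS, [rule])


if __name__ == "__main__":
    for a in run_sample():
        print(f"{a.rule_id}: {a.count} {a.events[0].name} events from {a.key} "
              f"between t={a.first_ts} and t={a.last_ts}")
```

The same three failures from 10.0.0.9 never produce an alert because they are spread far beyond the window, which is the distinction the section draws between a single unremarkable event and a set of comparable events in a given period. The alert keeps the triggering events attached so that an analyst can drill down from the high-level summary to the individual events when deciding whether to escalate.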