Sentinel User Guide
- Sentinel User Guide
- Introduction to the Sentinel Interface
- Dashboards
- Sentinel Main Interface
- Sentinel Control Center
- Solution Designer
- Viewing Events
- Viewing Events in Real-Time Views
- Visualizing Events in Event Visualization Dashboards
- Searching Events
- Searching Events Indexed in Traditional Storage
- Searching Events Indexed in Scalable Storage
- Configuring Filters
- Creating Filters
- Sample Filters
- Viewing Events by Using Filters
- Managing Filters
- Correlating Event Data
- Overview
- Understanding the Correlation Interface
- Creating Correlation Rules
- Associating Actions to a Rule
- Testing a Correlation Rule
- Sample Correlation Rules
- Deploying Rules in the Correlation Engine
- Viewing Correlated Events
- Customizing Correlated Event
- Managing Correlation Rules
- Managing the Correlation Engine
- Visualizing and Analyzing Alerts
- Viewing and Triaging Alerts
- Creating an Alert View
- Escalating Alerts to an Incident
- Analyzing Alert Dashboards
- Troubleshooting
- Analyzing Trends in Data
- Overview
- Creating a Dashboard
- Understanding the Dashboard Interface
- Creating Baselines
- Configuring Anomaly Detection
- Viewing Anomaly Events
- Managing Dashboards
- Troubleshooting
- Visualizing and Analyzing IP Flow Communications
- Configuring Dynamic Lists
- Working with Dynamic Lists
- Deleting Dynamic Lists and List Items
- Leveraging Identity Information
- Overview
- Searching and Viewing User Identities
- Manually Performing Actions on Events
- Accessing Event Actions
- Prerequisites for Executing Actions on Events
- Assigning Actions to Events
- Configuring Event Actions
- Configuring Tags
- Overview
- The Tags Interface
- Creating a Tag
- Managing Tags
- Performing Text Searches for Tags
- Deleting Tags
- Associating Tags with Objects
- Viewing Tagged Events
- Reporting
- Creating Reports
- Scheduling Reports
- Working with Reports
- Rebranding Reports
- Viewing Compliance to Configuration Policies
- Viewing Secure Configuration Manager Events and Compliance Details
- Viewing Change Guardian Events
- Configuring Incidents
- Accessing Incidents
- Creating Incidents
- Managing Incidents
- Adding an Incident View
- Configuring iTRAC Workflows
- Overview
- Accessing the iTRAC Administration Tools
- Using the Template Manager
- Template Builder Interface
- Creating a Template
- Managing Templates
- Steps
- Adding Steps to a Workflow
- Managing Steps
- Transitions
- Activities
- Creating iTRAC Activities
- Managing Activities
- Managing iTRAC Roles
- Process Management
- Managing Work Items
- Overview
- Understanding the Work Item Summary Interface
- Viewing a Work Item
- Processing a Work Item
- Managing Work Items Of Other Users
- Search Query Syntax
- Basic Search Query
- Wildcards in Search Queries
- The notnull Query
- Tags in Search Queries
- Regular Expression Queries
- Range Queries
- IP Addresses Query
- Correlation Rule Expression Syntax
- Event Fields
- Event Operations
- Operators
- Order of Operators
- Legal Notice