8.1 Introduction to the User Interface

In the Analysis tab, you can see the Offline Queries options.

Table 8-1 Analysis Tab User Interface

User Interface

Description

The Analysis menu in the menu bar

The Navigation Tree in the Navigation pane

The toolbar buttons

8.1.1 Top Ten Dashboard

The following Top 10 dashboards are available in Sentinel and can be downloaded from the Sentinel Content page:

  • Top 10 Target IP Addresses

  • Top 10 Initiating IP Addresses

  • Top 10 Target Host Names

  • Top 10 Initiating Host Names

  • Top 10 Target User Names

  • Top 10 Initiating User Names

  • Top 10 Target Port Names

  • Top 10 Event Names

The Top 10 dashboards are enabled by default, and the following summaries are turned on to enable the Top 10 dashboards:

  • EventDestSummary

  • EventSevSummary

  • EventSrcSummary

If Top 10 dashboards are not needed, you can disable these summaries, or you can enable additional summaries in order to use them for reporting. If the summary service is not in use, you can disable it.

To enable or disable summaries:

  1. In the Sentinel Control Center, go to Admin > Report Data Configuration.

  2. Select the summary that you want to enable or disable, then click its status (Active/Inactive).

  3. Select Yes to confirm that you want to change the status of the summary.

To enable or disable EventFileRedirectService:

  1. On your Sentinel machine, use a text editor to open:

    <install_directory>/config/das_binary.xml
    
  2. For EventFileRedirectService, change the status to on or off, as appropriate. For example:

    <property name="status">off</property>
    
  3. Log in to the Sentinel Control Center as the Sentinel Administrator.

  4. Go to Admin > Servers View.

  5. Right-click DAS_Binary and select Restart.