NetIQ Sentinel 7.0.1 User Guide
- NetIQ Sentinel 7.0.1 User Guide
- Introduction to the Sentinel Interface
- Sentinel Web Interface
- Sentinel Control Center
- Solution Designer
- Searching Events
- Running an Event Search
- Viewing Search Results
- Refining Search Results
- Saving a Search Query
- Performing Event Operations
- Configuring Filters
- Overview
- Introducing the Filters Interface
- Creating a Filter
- Sample Filters
- Viewing Events by Using Filters
- Managing Filters
- Correlating Event Data
- Overview
- Accessing the Correlation User Interface
- Understanding the Correlation Interface
- Creating Correlation Rules
- Associating Actions to a Rule
- Testing a Correlation Rule
- Sample Correlation Rules
- Deploying Rules in the Correlation Engine
- Viewing Correlation Events
- Managing Correlation Rules
- Managing the Correlation Engine
- Analyzing Trends in Data
- Overview
- Creating a Dashboard
- Understanding the Dashboard Interface
- Creating Baselines
- Configuring Anomaly Detection
- Managing Dashboards
- Troubleshooting
- Configuring Dynamic Lists
- Creating a Dynamic List
- Managing Dynamic Lists
- Integrating Identity Information with Sentinel Events
- Overview
- Integration with Identity Management Systems
- Identity Browser
- Manually Performing Actions on Events
- Accessing Event Actions
- Prerequisites for Assigning Actions to Events
- Assigning Actions to Events
- Configuring Event Actions
- Configuring Tags
- Overview
- The Tags Interface
- Creating a Tag
- Managing Tags
- Performing Text Searches for Tags
- Deleting Tags
- Associating Tags with Objects
- Viewing Tagged Events
- Viewing Events
- Overview
- Accessing the Active Views Tab
- Reconfiguring Total Display Time
- Viewing Real-Time Events
- Managing Events
- Managing Columns
- Taking a Snapshot of a Navigator Window
- Reporting
- Running Reports
- Viewing the Reports
- Scheduling a Report
- Adding Report Definitions
- Renaming a Report Result
- Marking Report Results as Read or Unread
- Managing Favorite Reports
- Exporting Report Definitions and Report Results
- Deleting Reports
- Configuring Incidents
- Accessing Incidents
- Creating Incidents
- Managing Incidents
- Adding an Incident View
- Configuring iTRAC Workflows
- Overview
- Accessing the iTRAC Administration Tools
- Using the Template Manager
- Template Builder Interface
- Creating a Template
- Managing Templates
- Steps
- Adding Steps to a Workflow
- Managing Steps
- Transitions
- Activities
- Creating iTRAC Activities
- Managing Activities
- Managing iTRAC Roles
- Process Management
- Managing Work Items
- Overview
- Understanding the Work Item Summary Interface
- Viewing a Work Item
- Processing a Work Item
- Managing Work Items Of Other Users
- Search Query Syntax
- Basic Search Query
- Wildcards in Search Queries
- The notnull Query
- Tags in Search Queries
- Range Queries
- IP Addresses Query
- Correlation Rule Expression Syntax
- Event Fields
- Event Operations
- Operators
- Order of Operators
- Legal Notices