NetIQ Sentinel User Guide
- NetIQ Sentinel User Guide
- Introduction to the Sentinel Interface
- Sentinel Web Interface
- Sentinel Control Center
- Solution Designer
- Searching Events
- Running an Event Search
- Viewing Search Results
- Refining Search Results
- Saving a Search Query
- Performing Event Operations
- Configuring Filters
- Overview
- Introducing the Filters Interface
- Creating a Filter
- Sample Filters
- Viewing Events by Using Filters
- Managing Filters
- Correlating Event Data
- Overview
- Accessing the Correlation User Interface
- Understanding the Correlation Interface
- Creating Correlation Rules
- Associating Actions to a Rule
- Testing a Correlation Rule
- Sample Correlation Rules
- Deploying Rules in the Correlation Engine
- Viewing Correlated Events
- Managing Correlation Rules
- Managing the Correlation Engine
- Analyzing Trends in Data
- Overview
- Creating a Dashboard
- Understanding the Dashboard Interface
- Creating Baselines
- Configuring Anomaly Detection
- Viewing Anomaly Events
- Managing Dashboards
- Troubleshooting
- Visualizing and Analyzing Network Flow Data
- Configuring Dynamic Lists
- Creating a Dynamic List
- Managing Dynamic Lists
- Leveraging Identity Information
- Overview
- Searching and Viewing User Identities
- Manually Performing Actions on Events
- Accessing Event Actions
- Prerequisites for Assigning Actions to Events
- Assigning Actions to Events
- Configuring Event Actions
- Configuring Tags
- Overview
- The Tags Interface
- Creating a Tag
- Managing Tags
- Performing Text Searches for Tags
- Deleting Tags
- Associating Tags with Objects
- Viewing Tagged Events
- Viewing Events
- Overview
- Accessing the Active Views Tab
- Reconfiguring Total Display Time
- Viewing Real-Time Events
- Managing Events
- Managing Columns
- Taking a Snapshot of a Navigator Window
- Reporting
- Importing Report Definitions
- Creating Reports
- Scheduling a Report
- Grouping Reports Based on Category
- Viewing Events
- Renaming a Report Result
- Marking Report Results as Read or Unread
- Managing Favorite Reports
- Associating Tags with Report Results and Report Definitions
- Exporting Report Definitions and Report Results
- Deleting Reports
- White Label Template Report
- Viewing Compliance to Configuration Policies
- Viewing Secure Configuration Manager Events and Compliance Details
- Configuring Incidents
- Accessing Incidents
- Creating Incidents
- Managing Incidents
- Adding an Incident View
- Configuring iTRAC Workflows
- Overview
- Accessing the iTRAC Administration Tools
- Using the Template Manager
- Template Builder Interface
- Creating a Template
- Managing Templates
- Steps
- Adding Steps to a Workflow
- Managing Steps
- Transitions
- Activities
- Creating iTRAC Activities
- Managing Activities
- Managing iTRAC Roles
- Process Management
- Managing Work Items
- Overview
- Understanding the Work Item Summary Interface
- Viewing a Work Item
- Processing a Work Item
- Managing Work Items Of Other Users
- Search Query Syntax
- Basic Search Query
- Wildcards in Search Queries
- The notnull Query
- Tags in Search Queries
- Regular Expression Queries
- Range Queries
- IP Addresses Query
- Correlation Rule Expression Syntax
- Event Fields
- Event Operations
- Operators
- Order of Operators
- Legal Notice