NetIQ Sentinel User Guide

  NetIQ Sentinel User Guide

    Introduction to the Sentinel Interface

      Sentinel Web Interface

      Sentinel Control Center

      Solution Designer

    Searching Events

      Running an Event Search

      Viewing Search Results

      Refining Search Results

      Saving a Search Query

      Performing Event Operations

    Configuring Filters

      Overview

      Introducing the Filters Interface

      Creating a Filter

      Sample Filters

      Viewing Events by Using Filters

      Managing Filters

    Correlating Event Data

      Overview

      Accessing the Correlation User Interface

      Understanding the Correlation Interface

      Creating Correlation Rules

      Associating Actions to a Rule

      Testing a Correlation Rule

      Sample Correlation Rules

      Deploying Rules in the Correlation Engine

      Viewing Correlated Events

      Managing Correlation Rules

      Managing the Correlation Engine

    Analyzing Trends in Data

      Overview

      Creating a Dashboard

      Understanding the Dashboard Interface

      Creating Baselines

      Configuring Anomaly Detection

      Viewing Anomaly Events

      Managing Dashboards

      Troubleshooting

    Visualizing and Analyzing Network Flow Data

    Configuring Dynamic Lists

      Creating a Dynamic List

      Managing Dynamic Lists

    Leveraging Identity Information

      Overview

      Searching and Viewing User Identities

    Manually Performing Actions on Events

      Accessing Event Actions

      Prerequisites for Assigning Actions to Events

      Assigning Actions to Events

      Configuring Event Actions

    Configuring Tags

      Overview

      The Tags Interface

      Creating a Tag

      Managing Tags

      Performing Text Searches for Tags

      Deleting Tags

      Associating Tags with Objects

      Viewing Tagged Events

    Viewing Events

      Overview

      Accessing the Active Views Tab

      Reconfiguring Total Display Time

      Viewing Real-Time Events

      Managing Events

      Managing Columns

      Taking a Snapshot of a Navigator Window

    Reporting

      Importing Report Definitions

      Creating Reports

      Scheduling a Report

      Grouping Reports Based on Category

      Viewing Events

      Renaming a Report Result

      Marking Report Results as Read or Unread

      Managing Favorite Reports

      Associating Tags with Report Results and Report Definitions

      Exporting Report Definitions and Report Results

      Deleting Reports

      White Label Template Report

    Viewing Compliance to Configuration Policies

      Viewing Secure Configuration Manager Events and Compliance Details

    Configuring Incidents

      Accessing Incidents

      Creating Incidents

      Managing Incidents

      Adding an Incident View

    Configuring iTRAC Workflows

      Overview

      Accessing the iTRAC Administration Tools

      Using the Template Manager

      Template Builder Interface

      Creating a Template

      Managing Templates

      Steps

      Adding Steps to a Workflow

      Managing Steps

      Transitions

      Activities

      Creating iTRAC Activities

      Managing Activities

      Managing iTRAC Roles

      Process Management

    Managing Work Items

      Overview

      Understanding the Work Item Summary Interface

      Viewing a Work Item

      Processing a Work Item

      Managing Work Items Of Other Users

    Search Query Syntax

      Basic Search Query

      Wildcards in Search Queries

      The notnull Query

      Tags in Search Queries

      Regular Expression Queries

      Range Queries

      IP Addresses Query

    Correlation Rule Expression Syntax

      Event Fields

      Event Operations

      Operators

      Order of Operators

    Legal Notice