Sentinel displays events in near-real time through the Active Views tab in the Sentinel Control Center. In the tab, you can:
View events occurring in near-real time
Investigate events
Graph events
Invoke right-click functions
Initiate manual incidents and remediation workflows
An event represents a normalized log record reported to Sentinel from a third-party security, network, or application device or from an internal Sentinel source. There are several types of events:
External events (events received from a security device), such as:
An attack detected by an intrusion detection system (IDS)
A successful login reported by an operating system
A customer-defined situation such as a user accessing a file
Internal events (an event generated by Sentinel), including:
A Correlation rule being disabled
The database filling up
You can monitor events in tabular form or with different types of charts, and you can perform queries for recent events.
NOTE: You must have the Create and use Active Views permission to use the Active Views feature.