The Summary page summarizes events by type.
Topics:
- What do the different status colors mean?
- How are events grouped into categories?
- How can I see the individual events?
- How do I control the events that are generated?
What do the different status colors mean?
The status color indicates the most severe event within the category during the selected Interval:
- No events of this type
- Inform
- Warn
- Severe
How are events grouped into categories?
The following categories (or Event Types) are defined:
- Security, including security signature matches.
- Threshold, including interface counter threshold violations.
- Status, including agent up/down events.
- Configuration, including new data source events.
- Process, including process start/stop/failed events.
How can I see the individual events?
Individual events are shown on the Sentinel:Events>List page. If you click a status box on the Summary page, you are taken to the Events>List page with filters set to show only the most severe events in the selected category.
How do I control the events that are generated?
Scheduled reports may post Security, Threshold, or Configuration events (see Report). You will need to install a signature file before signature-based security events will be generated (see Sentinel:Signatures>Configure). You will need to configure thresholds before counter-based threshold events will be generated (see File>Configure).