Right-click an event or event field in the active channel to open a context menu. The commands available are those that apply to the current combination of event type, view, filter, and so forth.
Command | Description |
---|---|
Show Event Details | Use the Event Inspector to examine all the attribute details associated with the event. |
Correlation Options | |
Analyze in Channel | Create a temporary filter as required based on the field's highlighted event. The Analyze in Channel command uses the event's attribute type (its column heading) and the particular event's field value (for example, an exact IP address) to formulate simple filters based on these two factors. The filter's operators can include Create Filter [X = Y] and Add Condition [X = Y] to Editor. The Analyze in Channel submenu also offers the Show Exploited Vulnerability and Show Targeted Asset commands to open detailed views of assets or vulnerabilities, if present in the selected event. |
Debug Filter | Evaluate whether the selected event passes the filter resource selected from the filter resource popup. |
Debug Event Priority | Display information on how event priorities are determined for the selected event. The window lists which conditions match the event, with items under each category (Severity, Relevance, Model Confidence, and Asset Criticality) and the total scores. For each category, certain factors contribute their individual scores. The scores are added to calculate the total. However, if the sum exceeds the upper limit of 10, 10 is displayed for the category's total score. The lower limit is 0. Debug Event Priority is applicable to Threat Level Monitoring, described in Threat Evaluation and also in Priority Calculations and Ratings. |
Active List | Add the selected event to, or remove it from, an active list. See Adding Events from a Channel to an Active List. |
Annotate Event | Open this event in the Annotate Events dialog box, where you can click the Stage field to set a collaboration workflow sequence for this event. When you select a stage, you automatically place the event in the corresponding group in the Stages resource tree in the Navigator panel, where you and other analysts can collaborate on its investigation and resolution. |
Mark as Reviewed | Set the event's annotation flag to |
Event Graph | Graph any logical relationships (that is, source/target IP address connections) that exist among the currently selected events. |
Rule Chain Graph | Graph the rule chains behind the currently selected triggered events. |
Geographic View | Geographically map the source and destination IP addresses of the selected events. |
Integration Commands | Link to other ArcSight applications and tools. For more information, see Integration Commands. |
Tools | Displays the Tools command menus (also available from the menu, Tools > Local Commands). See Using the Network Tools and Using the Tools Menu. |
Export | Export the selected events to an external event-tracking system, such as comma-separated-value (CSV) data in a report or for a spreadsheet, or save them as an HTML or a JPEG file. |
Add to Case | Add the selected events to a new case for tracking. |
Payload | Keep or discard the payload associated with a selected event. Disabled if the selected event has no associated payload. |
Report | Includes two options: |
Close | Close the current individual view within the selected view type. |
Knowledge Base | If defined, show the Knowledge Base pages associated with the selected events, or associate new pages. |
Reference Pages | If defined, displays the reference pages for this event. |
Vendor Page | If available, show the vendor Web page of the event's sensing device. |
Help | Open the online Help to this topic. |