A single event viewed in the system might not necessarily draw your attention. But when you correlate a set of similar or comparable events in a given period, you might identify a potential problem. Sentinel helps you correlate events by using the rules you create and deploy in the Correlation Engine, so you can take appropriate action to mitigate any problems.
-
Section 5.1, Overview
-
Section 5.2, Understanding the Correlation Interface
-
Section 5.3, Creating Correlation Rules
-
Section 5.4, Associating Actions to a Rule
-
Section 5.5, Testing a Correlation Rule
-
Section 5.6, Sample Correlation Rules
-
Section 5.7, Deploying Rules in the Correlation Engine
-
Section 5.8, Viewing Correlated Events
-
Section 5.9, Customizing Correlated Event
-
Section 5.10, Managing Correlation Rules
-
Section 5.11, Managing the Correlation Engine