Sentinel User Guide

  Sentinel User Guide

    Introduction to the Sentinel Interface

      Dashboards

      Sentinel Main Interface

      Sentinel Control Center

      Solution Designer

    Viewing Events

      Viewing Events in Real-Time Views

      Visualizing Events in Event Visualization Dashboards

    Searching Events

      Searching Events Indexed in Traditional Storage

    Configuring Filters

      Creating Filters

      Sample Filters

      Viewing Events by Using Filters

      Managing Filters

    Correlating Event Data

      Overview

      Understanding the Correlation Interface

      Creating Correlation Rules

      Associating Actions to a Rule

      Testing a Correlation Rule

      Sample Correlation Rules

      Deploying Rules in the Correlation Engine

      Viewing Correlated Events

      Customizing Correlated Event

      Managing Correlation Rules

      Managing the Correlation Engine

    Visualizing and Analyzing Alerts

      Viewing and Triaging Alerts

      Creating an Alert View

      Working with Alert Views

      Escalating Alerts to an Incident

      Analyzing Alert Dashboards

      Troubleshooting

    Analyzing Trends in Data

      Overview

      Creating a Dashboard

      Understanding the Dashboard Interface

      Creating Baselines

      Configuring Anomaly Detection

      Viewing Anomaly Events

      Managing Dashboards

      Troubleshooting

    Visualizing and Analyzing IP Flow Communications

    Configuring Dynamic Lists

      Working with Dynamic Lists

      Deleting Dynamic Lists and List Items

    Leveraging Identity Information

      Overview

      Searching and Viewing User Identities

    Manually Performing Actions on Events

      Accessing Event Actions

      Prerequisites for Executing Actions on Events

      Assigning Actions to Events

      Configuring Event Actions

    Configuring Tags

      Overview

      The Tags Interface

      Creating a Tag

      Managing Tags

      Performing Text Searches for Tags

      Deleting Tags

      Associating Tags with Objects

      Viewing Tagged Events

    Reporting

      Creating Reports

      Scheduling Reports

      Working with Reports

      Rebranding Reports

    Viewing Compliance to Configuration Policies

      Viewing Secure Configuration Manager Events and Compliance Details

    Viewing Change Guardian Events

    Configuring Incidents

      Accessing Incidents

      Creating Incidents

      Managing Incidents

      Adding an Incident View

    Managing Work Items

      Overview

      Understanding the Work Item Summary Interface

      Viewing a Work Item

      Processing a Work Item

      Managing Work Items Of Other Users

    Configuring iTRAC Workflows

      Overview

      Accessing the iTRAC Administration Tools

      Using the Template Manager

      Template Builder Interface

      Creating a Template

      Managing Templates

      Steps

      Adding Steps to a Workflow

      Managing Steps

      Transitions

      Activities

      Creating iTRAC Activities

      Managing Activities

      Managing iTRAC Roles

      Process Management

    Search Query Syntax

      Basic Search Query

      The notnull Query

      Tags in Search Queries

      Regular Expression Queries

      Range Queries

      IP Addresses Query

    Correlation Rule Expression Syntax

      Event Fields

      Event Operations

      Operators

      Order of Operators

    Legal Notice