Sentinel: Active Views Tab – Description

  • 3065064
  • 19-Jan-2007
  • 26-Apr-2012

Environment

Sentinel 5.x
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows 2000 Server
RedHat Linux
Solaris 9

Situation

What functions does the Active View have?

Resolution

Active Views Tab - Description

Event views are formatted as tables. Active View configuration is determined by the das_rt.xml file. The two types of Active Views are the near Real Time Event Table with graphical presentation and the Snapshot.

  • Near Real Time Event Table

    • Holds up to 750 events per 30-second period.

    • By default, the client maintains a 24-hour period of cached events. This is configurable through Active View Properties.

    • By default, the event table will display a maximum of 30,000 events. This is configurable through Active View Properties.

    • By default, the event table refreshes every 30 seconds (send time delay). This is represented by a gray line in the event table.

    • When there are more than 750 events in a 30-second time period, a red separation line appears, indicating that there are more events than are displayed.

    • When user preferences are saved, the Active View continues to collect data for 4 days. For instance, if you save your preferences, log out, and log back in the following day, your Active View will display data as if you had never logged off.

    • If an Active View is created and not saved, it continues to collect data for an hour. If an identical Active View is created within that hour, it will display data for the last hour.

  • Snapshot - time-stamped views of a Real Time Event View table.
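The limits listed above decide how much of a busy event stream an analyst actually sees. The following added example (not Sentinel code) models those defaults over a set of event timestamps and reports which 30-second windows would have been cut off at 750 events. The function names, the constructed sample data, and the assumptions that windows align to fixed 30-second boundaries, that the earliest events in a window are kept, and that the oldest rows drop first at the row limit are illustrative and do not come from the product.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

BASE = datetime(2007, 1, 19, 12, 0, 0, tzinfo=timezone.utc)  # constructed

def simulate_active_view(timestamps, now, window_s=30, per_window=750,
                         max_rows=30_000, cache_hours=24):
    """Return (displayed_rows, truncated_windows) using the page's defaults.

    Assumptions (not from the page): windows are aligned to fixed 30-second
    boundaries, the earliest events in a window are the ones kept, and the
    oldest rows are dropped first at the row limit.
    """
    cutoff = now - timedelta(hours=cache_hours)
    buckets = defaultdict(list)
    for ts in sorted(timestamps):
        if cutoff <= ts <= now:                      # 24-hour client cache
            epoch = int(ts.timestamp())
            buckets[epoch - epoch % window_s].append(ts)
    rows, truncated = [], []
    for start in sorted(buckets):
        events = buckets[start]
        rows.extend(events[:per_window])             # 750-per-window cap
        hidden = len(events) - per_window
        if hidden > 0:                               # red separation line
            when = datetime.fromtimestamp(start, tz=timezone.utc)
            truncated.append((when, hidden))
    return rows[-max_rows:], truncated               # display maximum

def constructed_sample():
    """Constructed timestamps: a burst, a quiet window, one stale event."""
    burst = [BASE + timedelta(milliseconds=30 * i) for i in range(800)]
    quiet = [BASE + timedelta(seconds=30, milliseconds=100 * i)
             for i in range(100)]
    stale = [BASE - timedelta(hours=25)]
    return burst + quiet + stale, BASE + timedelta(seconds=60)

if __name__ == "__main__":
    events, now = constructed_sample()
    rows, truncated = simulate_active_view(events, now)
    print(f"{len(rows)} rows displayed")
    for when, hidden in truncated:
        print(f"{when:%H:%M:%S} window: {hidden} events not shown")
```
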

The following make an Active View unique:

  • Filter assigned to an Active View

  • The z-axis attribute

  • The security filter assigned to a user


The Active Views Tab allows you to:

  • Reconfigure Active Views

  • Add Events to an incident

  • Close a Snapshot or a Visual Navigator Window

  • Create an incident

  • Custom Menu Options with Events

  • Delete a Snapshot or a Visual Navigator Window

  • Event Query

  • Graph Map

  • View Advisor Data

  • Manage Columns

  • Send messages about Events by e-mail

  • Show or Hide Event Details

  • Snapshot of a Visual Navigator Window

  • View Events that triggered a correlated event

  • View Vulnerability Visualization

  • View Asset Data

A user can change values (column names) to display logical names and have them populate throughout the system. Apply the attributes that are relevant to the event stream. For more information, see Sentinel Data Manager, the Wizard User's Guide and e-Security User Reference Guide.