The Summary page summarizes events by type.
- What do the different status colors mean?
- How are events grouped into categories?
- How can I see the individual events?
- How do I control the events that are generated?
The status color indicates the most severe event within the category during the selected Interval:
- No events of this type
The following categories (or Event Types) are defined:
- Security, including security signature matches.
- Threshold, including interface counter threshold violations.
- Status, including agent up/down events.
- Configuration, including new data sources events.
- Process, including process start/stop/failed events.
Individual events are shown on the Sentinel:Events>List page. If you click on a status box on the Summary page you will be taken to the Events>List page with filters set to show just the severest events in the selected category.
Scheduled reports may post Security, Threshold, or Configuration events (see Report). You will need to configure thresholds before counter-based threshold events will be generated (see File>Configure).