Kaspersky Industrial CyberSecurity for Networks

Configuring the table of registered events

March 22, 2024

ID 150806

You can configure the following settings for displaying the events table:

  • Display of the information panel.
  • Display of events included in incidents.
  • Contents and order of columns displayed in the table.

To configure the events table display settings:

  1. In the Events section, click the Customize table link to open the window for configuring how the table is displayed.
  2. If you want to enable display of the information panel showing the number of events with the New and In progress statuses, select the Display information panel check box.
  3. In the Display embedded lists settings group, select the relevant mode for displaying events included in incidents:
    • Flat. In this mode, the events table displays all events without consideration of how events are nested in incidents.
    • Tree. In this mode, incidents are displayed as a tree of embedded events and other incidents. If you want the nested elements of incidents to be displayed regardless of the current filter and search settings, select the Show embedded events when filtering check box.
  4. In the Displayed table columns settings group, select the check boxes opposite the settings that you want to view in the table. You must select at least one setting.

    The following settings are available for viewing:

    • Start

      For an event that is not an incident – date and time of event registration. For an incident – date and time of registration of the first event included in the incident. In the table, you can view the date together with the time, or just the date or time by itself. To choose the information to display, select the check boxes opposite the Date and/or Time settings.

    • Last seen

      For an event that is not an incident, this is the date and time when the event last occurred. It may contain the date and time of event registration, or the date and time when the event regenerate counter value increased if the conditions for event registration were repeated during the event regenerate timeout. The value of the regenerate counter is displayed in the Total appearances column. For an incident, this is the latest of the last-occurrence dates and times of the events that are part of the incident. Just like with the Start column, you can view the date together with the time, or just the date or time by itself.

    • Title

      Header defined for the event type.

    • Severity

      This icon corresponds to the severity level of an event or incident.

    • Source

      Address of the source of network packets (the abbreviated names for display in table cells are specified in parentheses):

      • IP address
      • Port number (P)
      • MAC address
      • VLAN ID (VID)
      • Application-level address

    • Destination

      Address of the destination of network packets (the abbreviated names for display in table cells are specified in parentheses):

      • IP address
      • Port number (P)
      • MAC address
      • VLAN ID (VID)
      • Application-level address

    • Protocol

      Application layer protocol that was being monitored when the application registered the event.

    • Technology

      This icon corresponds to the technology that was used to register the event.

    • Total appearances

      For an event that is not an incident, this is the value of the regenerate counter after the event is registered within the event regenerate timeout. A value N greater than 1 means that the conditions for event registration were repeated N – 1 times. For an incident, this column displays the value 1.

    • ID

      Unique ID of the registered event or incident.

    • Status

      This icon corresponds to the status of an event or incident.

    • Description

      Description specified for the event type.

    • End

      For an event that is not an incident, this is the date and time when the Resolved status was assigned, or the date and time of the event regenerate timeout. For an incident, this is the latest date and time of the end of events that are part of the incident. Just like with the Start column, you can view the date together with the time, or just the date or time by itself.

    • Triggered rule

      For an event that is not an incident, this is the name of the Process Control rule or Intrusion Detection rule whose triggering caused the registration of the event. For an incident, this is the name of the correlation rule whose triggering caused the registration of the incident.

    • Monitoring point

      Monitoring point whose traffic invoked registration of the event.

    • Event type

      Numerical code assigned to the event type.

    • Marker

      This is a selection of icons that you can set for any event or incident so that you can easily find events and incidents based on a criterion that is not in the table.

  5. If you want to change the order in which columns are displayed, select the name of the column that you want to move left or right in the table and use the up or down arrow buttons.

    For the Start, Last seen and End columns, you can also change the order in which the date and time are displayed. For the Source and Destination columns, you can change the order of the addresses of the senders and recipients of network packets. To do so, select the value that you want to move left or right in the table and use the up or down arrow buttons.

The selected columns will be displayed in the Events section in the table in the order you specified.
