The Manage tab organizes event sources into groups, and displays attributes for each event source.
To access this tab, in the Security Analytics menu, select Administration > Event Sources. The Manage tab is displayed by default.
Procedures related to this tab are described in Manage Event Source Groups.
The Manage tab consists of two panels, Groups and Event Sources.
The Groups Panel lists the event source groups, as well as a count of the members for each group. To see all event sources, select All from the groups list. This is an example of the Groups panel.
The Groups panel contains the following features.
These are the standard Security Analytics icons for adding, removing, or editing groups.
The count for an event source group indicates the number of event sources in that group. That is, the number of event sources that match the criteria used to define the group.
Note: The count is not dynamically updated when new event sources are added. Thus, you may need to refresh to see an updated group count.
The Name column lists the identifier for each group. You can use the group names to quickly identify some of the criteria used to form the group.
For example, if you create a group that consists of Windows event sources for the Sales organization, you could name the group Windows Sales Sources.
Note: The event source group name is not editable. Once you create a group, that name exists as long as the group itself.
Event Sources Panel
The Event Sources panel displays the attributes for the event sources in the selected group. Or, if All is selected in the Groups panel, the Event Sources panel lists all event sources.
In the Event Sources panel, the list of items is presented in a sorted order. You can choose which column on which to sort. Note, however, that the sort order depends on capitalization.
For any string column, if the values contains a mix of lower case and upper case, the upper case appear in the list before the lower case values.
For example, assume the Event Source Type column contains the following entries: Netflow, APACHE, netwitnessspectrum, ciscoasa. The sort order would be as follows: