Which are standard methods in creating Incidents? (Choose 3)
A. Create an incident from a dynamic list
B. Start an iTRAC process with an import events step.
C. Create an empty incident and populate it with events
D. Generate a Crystal Report and click the Create Incident link.
E. Use custom filter scripts to configure collectors to create an incident
F. Select events from within an active view and add to an existing incident
G. Associate a preconfigured correlation action to create an incident when a rule fires
C: To create an Incident:
* Click Incidents > Create Incident, or click the Create Incident button on the Tool Bar. The New Incident window displays.
F: In a Real Time Event Table of the Navigator or a Snapshot Real Time Event Table, select an
event or a group of events and right-click and select Create Incident.
G: Create Incident
Figure: Configure Action - Create Incident
This type of action can only be used in Correlation deployments
Which methods do the Collector Managers use to connect to the iScale Message Bus? (Choose 2)
E. Advanced script
There are two communication options available when installing the Collector Manager:
* Connect directly to the message bus (default)
* Connect to the message bus through the proxy:
You have modified your Collectors so they put Department in a custom variable (CV68). When you open an Active View, the column is still labeled CV66. Which menu options would you use to change the column label to Department?
A. Active view > properties
B. Admin > event Configuration
C. Active views > Event Management
D. Event Source management > Columns
Which feature allows you to dynamically filter and drill down in a set of historical events?
A. Raw Data Tap
B. Active Browser
C. Historical Event Query
D. Crystal Reports on Analysis tab
Which compatible variable types are used in iTRAC templates? (Choose 3)
The user can also be asked to set one or more variables to appropriate values. Four variable types
can be assigned to manual steps: (1) Integer, (2) Boolean, (3) String and (4) Float.
Which of the following RuleLG commands acts as an AND function?
Active views can be viewed by which chart types? (Choose 2)
B. Public: All
C. Virtual mode
D. Severity Level
E. Stacked Bar 2D
Explanation: Under the Chart Types tab, you can set your chart to Stacked Bar2D, Bar 3D, Line or Ribbon.
Which statement is true regarding Transaction?
A. A transaction does not support timeouts.
B. A transaction connects two steps in workflow template
C. A transaction imports additional events into an iTRAC process
D. A transaction modifies the template at the beginning or end of the process
You have created a custom .csv file to match IP addresses in your network to Department name and point of Contact. Which tools do you need to use in order to include Department Name and point of Contact in your incoming event stream from the Collectors? (Choose 2)
A. Filter Manager
B. Correlation Engine
C. Event configuration
D. Mapping configuration
E. Event Source Management
C: Event Configuration includes Event Mapping.
D: Event Mapping is a mechanism that allows you to add data to an event by using data already in the event to reference and pull in data from an outside source.
* A map is a collection of values and keys defined in a CSV or text file. You can enrich your data by using maps. With the help of maps you can add additional information to the incoming events from your source device.
* Sentinel injects business-relevant contextual data directly into the event stream. It includes up to 135 customizable fields where users can add in asset specific information such as business unit, owner, asset value, geography. After this information is added into the system, all other components can take advantage of the additional context.
* The Collectors parse the data and deliver a richer event stream by injecting taxonomy, exploit
detection and business relevance into the data stream before events are correlated and analyzed and sent to the database.
Not B: The Correlation Engine (correlation_engine) process receives events from the Collector Manager
and publishes correlated events based on user-defined correlation rules.
A. Create java
B. Create Incident
C. Execute a Script
D. Execute a command