Working with a Scanner Event

If you have an Event DatabaseA type of Event1. Either a log message that a Manager has standardized (i.e. normalized) for use by TLC (a.k.a. Normalized Messages), or an event or vulnerability imported from a scanner. 2. An 'event message' collected from a Log Source.-Management Database that stores Events from any Log SourceAny log-generating application, operating-system service, database instance, or device from which TLC collects log messages. and/or scannerA device that monitors systems in your TLC environment (for example, a vulnerability scanner).. with imported or collected Scanner Events, you can review these Events in the Event-Database ViewerA type of Database ViewerA TLC Console1. Tripwire LogCenter Console is the software for the TLC graphic user interface (GUI), or 2. The Tripwire LogCenter GUI. Through the TLC Console, you can configure TLC, oversee your TLC environment, and manage log and event data. component in which you can review information about Events in Event-Management Databases. Types of Database Viewers include the Event-Database Viewer, IDS-Database Viewer, and Firewall-Database Viewer. in which you can query and work with the data in your Event Databases..

For an introduction to scanners and Scanner Events, see What are Scanner Events?.

To review Scanner Events:

1.

In the side bar, select Events >Event-Database Viewer.

2.

In the side bar of the Event-Database Viewer, select Vulnerabilities or a scanner-field value under Vulnerabilities. For field descriptions, click here.

3.

In the workspace table, select the Scanner EventAn Event created when you import data from a scanner to an Event Database.. TLC opens the Vulnerability Details panel in the main pane (see Table 114). This panel presents information provided by the scanner.

Tip	You can sort, group, and filter the contents of tables. For more information, see Working with Tables).

Tip	For more information about working with the Event-Database Viewer, see Working with the Event-Database Viewer.

Table 114. Tabs in Vulnerability Details

Tab	Description
Information	General information about the Scanner Event and the Host1. A Log Source or a system involved in an Event. 2. A system on which TLC Manager, TLC Console, or Event-Management Database software is installed..
Details	Further details about the Scanner Event.
Summary	Information about the scan that created the Scanner Event.
Description	A description of the Scanner Event.
Solution	If the Scanner Event is a vulnerabilityA potential security weakness identified by a vulnerability scanner. In an Event Database, you can import or collect vulnerabilities detected by a scanner., this tab provides remediation steps for resolution of the vulnerability.
Event Tickets	Lists any Event Tickets to which the Scanner Event is assigned. For more information, see Working with Event Tickets in the Event-Database Viewer.