You can re-run a monitor from any time in the past. If you want to re-run a monitor from the time before it was first created, you can do so by using the Latest Version mode (see below). You need appropriate security privileges to re-run a monitor.
If Case Management is enabled in Sentinel, then all cases that were previously raised by the monitor’s events since the Start Time specified in the Re-Run are deprecated.
1. In the Workspace panel, locate the monitor 
that you want to re-run.
2. Right-click on the monitor.
3. Select Re-Run 
from the monitor menu.
The Re-Run Monitor screen appears.
4. To select a start date and time, click the calendar 
icon in the Start Time edit box. The default date and time is 12:00 AM of the current date.
5. Select the Re-Run Mode.
Time-aware: The monitor runs using every major version of the monitor from the selected start time.
Use Latest Version: The latest major version of the monitor runs through all data from the start time.
6. If you want actions to be raised, select the Re-send actions check box. Actions will be sent where they are triggered, for the entire period covered by the re-run.
7. If you want to raise cases, select the Raise Cases check box. Note: This option is only available if Case Management is enabled.
8. Click OK.
9. Click Yes on the Re-Run Monitor confirmation screen that appears.
Note: All the events and related comments from the selected re-run start date will be deleted as part of the re-run, and cases will be deprecated. New events will be generated according to the re-run option you select.
The monitor starts the re-run immediately, starting from the selected start time and continuing into current time, using the selected re-run mode.
Note that while the monitor is re-running over historical data, current events are not triggered. You may edit a monitor while it is undergoing a re-run.
Note: You cannot re-run a quantized monitor if it does not have a full period of data to process. Let’s say the current time is 4:30 and we have a quantized monitor set to run at hourly intervals (commencing at the beginning of the hour and ending at the end of the hour).
If you schedule a monitor re-run for, say, 3:45, the re-run will snap to the nearest hour (4:00) due to it being a quantized monitor, and it will attempt to re-run the period commencing at 4:00. However, as it does not have a full hour to process (as the current time is 4:30), the monitor re-run will fail.
