SmartEvent Correlation Unit

The SmartEvent Correlation Unit analyzes the log entries and identifies events from them. During analysis, the SmartEvent Correlation Unit does one of these actions:

• Marks log entries that are not stand-alone events, but can be part of a larger pattern to be identified later.
• Takes a log entry that meets one of the criteria set in the Events Policy, and generates an event.
• Takes a new log entry that is part of a group of items. Together, all these items make up a security event. The SmartEvent Correlation Unit adds it to an ongoing event.
• Discards log entries that do not meet event criteria.