Exceptions

Exceptions let you configure an event independently for specific sources, destinations, services and other parameters, depending on the event type. For example, if the event Port Scan from Internal Network is set to detect an event when 30 port scans occur within 60 seconds, you can also define that two port scans detected from host A within 10 seconds of each other are also an event.

To add an exception:

  1. Under Apply the following exceptions, click Add.
  2. Select the Source and/or Destination of the object to apply different criteria for this event.

Note - If you do not see the host object listed, you may need to create it in SmartEvent.
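The port-scan example above, worked through as an added Python sketch (not Check Point code and not a description of how SmartEvent is implemented): a default threshold of 30 scans in 60 seconds, with an exception of 2 scans in 10 seconds for host A. The host names, the per-source counting, and clearing a source's window after an event fires are assumptions made for the illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Threshold:
    count: int      # number of port-scan logs needed to raise the event
    window: float   # seconds within which they must occur


# Values from the text: the event's default criteria and the exception for host A.
DEFAULT = Threshold(count=30, window=60)
EXCEPTIONS = {"hostA": Threshold(count=2, window=10)}  # keyed by source (assumption)


def detect(logs, default=DEFAULT, exceptions=EXCEPTIONS):
    """Return (timestamp, source, threshold) for every event raised.

    logs: iterable of (timestamp_seconds, source) port-scan records, sorted by time.
    Counting is per source (assumption). After an event fires, that source's
    window is cleared so a single burst produces a single event.
    """
    recent = defaultdict(deque)
    events = []
    for ts, src in logs:
        rule = exceptions.get(src, default)  # exception overrides the default
        window = recent[src]
        window.append(ts)
        # Drop records that have aged out of this source's time window.
        while ts - window[0] > rule.window:
            window.popleft()
        if len(window) >= rule.count:
            events.append((ts, src, rule))
            window.clear()
    return events


# Constructed sample input: hostA scans twice 4 s apart, hostB scans 29 times
# in 56 s (one short of the default), hostC scans 30 times in 29 s.
SAMPLE = sorted(
    [(100.0, "hostA"), (104.0, "hostA")]
    + [(float(2 * i), "hostB") for i in range(29)]
    + [(200.0 + i, "hostC") for i in range(30)]
)

if __name__ == "__main__":
    for ts, src, rule in detect(SAMPLE):
        print(f"t={ts:.0f}s event for {src}: {rule.count} scans within {rule.window}s")
```

The same two scans that raise an event for host A raise nothing for any other source, which is the practical effect of the exception: tighter criteria for a host you watch closely without lowering the threshold for the whole network.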

Creating Event Definitions (User Defined Events)

To create a user-defined event, you must understand how SmartEvent identifies events. This section starts with a high-level overview of how logs are analyzed to conclude whether an event is occurring or has occurred.