What is an Event?

An event is a record of a security incident. It is based on one or more logs, and on rules that are defined in the Event Policy.

An example of an event that is based on one log: A High Severity Anti-Bot event. One Anti-Bot log with a Severity of High causes the event to be recorded.

An example of an event that is based on more than one log: A Certificate Sharing event. Two login logs with the same certificate but different users cause the event to be recorded.

How Are Logs Converted to Events?

SmartEvent automatically defines as events all logs that are not Firewall, VPN, or HTTPS Inspection logs.

Events that are based on a suspicious pattern of one or more logs are created by the SmartEvent Correlation Unit. These correlated events are defined in the SmartEvent client GUI, in the Policy tab.

Most logs are Firewall, VPN, and HTTPS Inspection logs. To avoid a performance impact on the SmartEvent Server, SmartEvent does not define them as events by default.

For logs from R77.xx Gateways and lower: To create events for Firewall, enable Consolidated Sessions > Firewall Session in the SmartEvent Policy tab.
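The two example events described above (one log producing an event, and a pattern across several logs producing an event), modelled as an added example that is not Check Point code. The field names, the `Login` blade label, the certificate labels, and the sample logs are constructed for illustration and are not SmartEvent's schema; no time window is modelled.

```python
from collections import defaultdict

# Constructed sample logs; field names are assumptions, not SmartEvent's schema.
SAMPLE_LOGS = [
    {"id": 1, "blade": "Firewall", "action": "Accept"},
    {"id": 2, "blade": "Anti-Bot", "severity": "High"},
    {"id": 3, "blade": "Anti-Bot", "severity": "Low"},
    {"id": 4, "blade": "Login", "user": "alice", "cert": "CERT-A"},
    {"id": 5, "blade": "Login", "user": "alice", "cert": "CERT-A"},
    {"id": 6, "blade": "Login", "user": "bob", "cert": "CERT-A"},
    {"id": 7, "blade": "Login", "user": "carol", "cert": "CERT-B"},
]


def high_severity_anti_bot(logs):
    """Single-log rule: every Anti-Bot log with Severity High yields one event."""
    return [
        {"event": "High Severity Anti-Bot", "log_ids": [log["id"]]}
        for log in logs
        if log.get("blade") == "Anti-Bot" and log.get("severity") == "High"
    ]


def certificate_sharing(logs):
    """Multi-log rule: the same certificate appears in login logs of different users."""
    first_log_by_user = defaultdict(dict)  # cert -> {user: id of first login log}
    events = []
    for log in logs:
        if log.get("blade") != "Login":
            continue
        seen = first_log_by_user[log["cert"]]
        if log["user"] in seen:
            continue  # repeated login by the same user is not sharing
        seen[log["user"]] = log["id"]
        if len(seen) == 2:  # second distinct user: record the event once per cert
            events.append({"event": "Certificate Sharing", "cert": log["cert"],
                           "log_ids": sorted(seen.values())})
    return events


def correlate(logs):
    """Run both rules over the same log stream and return the recorded events."""
    return high_severity_anti_bot(logs) + certificate_sharing(logs)


if __name__ == "__main__":
    for event in correlate(SAMPLE_LOGS):
        print(event)
```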