Event Definition Parameters

When an event definition is selected, its configurable elements appear in the Detail pane, and a description of the event is displayed in the Description pane. (An event is a record of a security or network incident that is based on one or more logs, and on a customizable set of rules that are defined in the Event Policy.) These are the usual types of configurable elements:

  • Thresholds, such as Detect the event when more than x connections were detected over y seconds

  • Severity, such as Critical, Medium, Informational, etc.

  • Automatic Reactions, such as Block Source or run External Script

  • Exceptions

  • Time Object, for example to issue an event if the activity occurs outside the specified Working Hours

Not all of these elements appear for every Event Definition. After you install and run SmartEvent for a short time, you will discover which of these elements need to be fine-tuned per Event Definition.
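The following added example, which is not SmartEvent code, models in Python how the elements listed above combine when logs are evaluated, so the effect of tuning a threshold, exception, or time object can be seen on sample data. The class, field, and function names are hypothetical, and the log entries are constructed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, time, timedelta

@dataclass
class EventDefinition:                  # hypothetical model, not SmartEvent's schema
    name: str
    max_connections: int                # x in "more than x connections"
    window_seconds: int                 # y in "over y seconds"
    severity: str
    reaction: str
    exceptions: frozenset = frozenset() # sources that never raise this event
    work_start: time = time(8, 0)       # Time Object: Working Hours
    work_end: time = time(18, 0)

def detect(defn, logs):
    """Return an event each time a source exceeds the threshold."""
    recent = defaultdict(deque)         # source -> timestamps inside the window
    events = []
    for ts, src in sorted(logs):
        if src in defn.exceptions:
            continue                    # Exception: excluded source
        if defn.work_start <= ts.time() < defn.work_end:
            continue                    # Time Object: count only outside Working Hours
        q = recent[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() > defn.window_seconds:
            q.popleft()                 # forget connections older than y seconds
        if len(q) > defn.max_connections:
            events.append({"event": defn.name, "source": src, "time": ts,
                           "severity": defn.severity, "reaction": defn.reaction})
            q.clear()                   # start counting again after reporting
    return events

# Constructed sample logs: (timestamp, source IP) pairs.
NIGHT = datetime(2024, 1, 10, 2, 0, 0)
DAY = datetime(2024, 1, 10, 10, 0, 0)
SAMPLE_LOGS = (
    [(NIGHT + timedelta(seconds=i), "198.51.100.7") for i in range(6)]      # 6 in 5 s, at night
    + [(NIGHT + timedelta(seconds=i), "192.0.2.10") for i in range(6)]      # listed as exception
    + [(DAY + timedelta(seconds=i), "203.0.113.5") for i in range(6)]       # inside Working Hours
    + [(NIGHT + timedelta(seconds=30 * i), "203.0.113.9") for i in range(6)]  # too slow to count
)
DEFINITION = EventDefinition("Connection burst", max_connections=5, window_seconds=10,
                             severity="Critical", reaction="Block Source",
                             exceptions=frozenset({"192.0.2.10"}))
EVENTS = detect(DEFINITION, SAMPLE_LOGS)
```

Removing the exception or widening the working hours in `DEFINITION` changes which of the four sample sources produce an event, which is the kind of adjustment made when fine-tuning a definition.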

For configuration information regarding most objects in General Settings, see System Administration.