Exceptions

Exceptions allow an eventClosed Record of a security or network incident that is based on one or more logs, and on a customizable set of rules that are defined in the Event Policy. to be independently configured for the sources, destination, service and other parameters depending on the event type. For example, if the event Port Scan from Internal Network is set to detect an event when 30 port scans occur within 60 seconds, you can also define that two port scans detected from host A within 10 seconds of each other is also an event.

To add an exception:

  1. Under Apply the following exceptions, click Add.

  2. Select the Source and/or Destination of the object to apply different criteria for this event.

Note - If you do not see the host object listed, you may need to create it in SmartEvent.(see System Administration).