Matching a Log Against Event Exclusion

Before SmartEvent generates logs for a specific eventClosed Record of a security or network incident that is based on one or more logs, and on a customizable set of rules that are defined in the Event Policy., it checks to see if this event candidate attributes are listed in the exclusions table or not. Event Exclusions are defined on the Policy tab > Event Policy > Event Exclusions according to the attributes selected.

If an attribute matches an Event Exclusion, it is discarded by the system (an event is not generated). If not, the SmartEvent Correlation UnitClosed SmartEvent software component on a SmartEvent Server that analyzes logs and detects events. starts to match it against each Event Definition.