Policy Tab

Define the Event Record of a security or network incident that is based on one or more logs, and on a customizable set of rules that are defined in the Event Policy. Policy in the Event Policy tab. Most configuration steps occur in the Policy tab. You define system components, such as SmartEvent Correlation Unit SmartEvent software component on a SmartEvent Server that analyzes logs and detects events., lists of blocked IP addresses and other general settings.

The types of events that SmartEvent can detect are listed here, and sorted into a number of categories. To change each event, change the default thresholds and set Automated Responses. You can also disable events.

The Policy tab has these sections:

• Selector Tree - The navigation pane.

• Detail pane - The settings of each item in the Selector Tree.

• Description pane - A description of the selected item.

You can edit the event policy Set of rules that define the behavior of SmartEvent. in one of these ways:

• Fine-tune the Event Policy.

• Change the existing Event Definition to see the events that interest you in Modifying Event Definitions.

• Create new Event Definitions to see the events that are not included in the existing definitions.

Save Event Policy

Modifications to the Event Policy do not take effect until saved on the SmartEvent Server Dedicated Check Point server with the enabled SmartEvent Software Blade that hosts the events database. and installed to the SmartEvent Correlation Unit.

To enable changes made to the Event Policy:

1. Click File > Save.

2. Click Actions > Install Event Policy.

Revert Changes

You can undo changes to the Event Policy, if they were not saved.

To undo changes: click File > Revert Changes.