SmartEvent Correlation Unit
The SmartEvent Correlation Unit is the SmartEvent software component on a SmartEvent Server that analyzes log entries and identifies events from them. During analysis, the SmartEvent Correlation Unit:
- Marks log entries that are not stand-alone events, but can be part of a larger pattern to be identified later.
- Takes a log entry that meets one of the criteria set in the Events Policy, and generates an event (a record of a security or network incident that is based on one or more logs, and on a customizable set of rules that are defined in the Event Policy).
- Takes a new log entry that is part of a group of items that together make up a security event, and adds it to an ongoing event.
- Discards log entries that do not meet event criteria.
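The four outcomes listed above can be traced with a small model. This is an added illustration, not Check Point code or the Events Policy format: the rule names, the threshold of 3 logs in 60 seconds, the log fields and the sample logs are all assumptions made for the example.

```python
from collections import defaultdict

# Hypothetical policy for illustration; not Check Point's Events Policy format.
SINGLE_LOG_RULES = {"virus_detected"}        # one matching log is an event
PATTERN_RULES = {"login_failed": (3, 60)}    # kind -> (threshold, window in seconds)

class CorrelationUnit:
    def __init__(self):
        self.marked = defaultdict(list)  # (kind, src) -> candidate logs
        self.ongoing = {}                # (kind, src) -> open event
        self.events = []                 # every event generated so far

    def process(self, log):  # returns "event", "marked", "added" or "discarded"
        kind, src, ts = log["kind"], log["src"], log["ts"]
        if kind in SINGLE_LOG_RULES:
            self.events.append({"rule": kind, "src": src, "logs": [log]})
            return "event"
        if kind not in PATTERN_RULES:
            return "discarded"           # meets no event criteria
        threshold, window = PATTERN_RULES[kind]
        key = (kind, src)
        event = self.ongoing.get(key)
        if event and ts - event["logs"][-1]["ts"] <= window:
            event["logs"].append(log)    # part of an ongoing event
            return "added"
        self.ongoing.pop(key, None)      # ongoing event went quiet: close it
        recent = [l for l in self.marked[key] if ts - l["ts"] <= window] + [log]
        if len(recent) >= threshold:     # pattern complete: generate the event
            event = {"rule": kind, "src": src, "logs": recent}
            self.events.append(event)
            self.ongoing[key] = event
            self.marked[key] = []
            return "event"
        self.marked[key] = recent        # not an event yet, may become one
        return "marked"

SAMPLE_LOGS = [  # constructed sample logs, ts in seconds
    {"ts": 0, "kind": "login_failed", "src": "10.0.0.5"},
    {"ts": 5, "kind": "accept", "src": "10.0.0.9"},
    {"ts": 10, "kind": "login_failed", "src": "10.0.0.5"},
    {"ts": 20, "kind": "login_failed", "src": "10.0.0.5"},
    {"ts": 25, "kind": "login_failed", "src": "10.0.0.5"},
    {"ts": 30, "kind": "virus_detected", "src": "10.0.0.7"},
    {"ts": 200, "kind": "login_failed", "src": "10.0.0.5"},
]

def run(logs):
    unit = CorrelationUnit()
    return [unit.process(log) for log in logs], unit.events
```

The last sample log arrives after the ongoing event has gone quiet for longer than the window, so it is marked as a fresh candidate instead of being added to the old event.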