bergermn

Straight from the admin guide…
When the SmartEvent server receives events from a Correlation Unit, it assigns a severity level to the event, invokes any defined automatic reactions, and adds the event to the Events Database, which resides on the server. The severity level and automatic reaction are based on the Events Policy.

Bhakti Prasanna Dash

Similar explanation as the question before…

The Correlation Unit analyzes each log entry as it enters a Log server, looking for patterns according to the installed Event Policy. The logs contain data from both Check Point products and certain third-party devices. When a threat pattern is identified, the Correlation Unit forwards what is known as an event to the SmartEvent server.
When the SmartEvent server receives events from a Correlation Unit, it assigns a severity level to the event, invokes any defined automatic reactions, and adds the event to the Events Database, which resides on the server. The severity level and automatic reaction are based on the Events Policy.

florentjustin

Answer A

https://sc1.checkpoint.com/documents/R77/CP_R77_SmartEvent_WebAdminGuide/17393.htm

The SmartEvent Architecture

SmartEvent has several components that work together to help track down security threats and make your network more secure:

* SmartEvent Correlation Unit, which analyzes log entries on Log servers
* SmartEvent Server, which contains the Events Database
* SmartEvent client, which manages SmartEvent

They work together in the following manner:

* The SmartEvent Correlation Unit analyzes each log entry as it enters a Log Server, looking for patterns according to the installed Event Policy. The logs contain data from both Check Point products and certain third-party devices. When a threat pattern is identified, the SmartEvent Correlation Unit forwards what is known as an event to the SmartEvent Server.

* When the SmartEvent Server receives events from a SmartEvent Correlation Unit, it assigns a severity level to the event, invokes any defined automatic reactions, and adds the event to the Events Database, which resides on the server. The severity level and automatic reaction are based on the Events Policy.

* The SmartEvent client displays the received events, and is the place to manage events (such as filtering and closing events) and fine-tune and install the Events Policy.

Esteban

A. assigns a severity level to an event.