Event Category Correlation; About Event Category Correlation - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - EVENT CATEGORY CORRELATION REFERENCE GUIDE REV 1 Reference Manual

Event category correlation reference guide

About Event Category Correlation
This document provides information on the types of event categories and the
processing of events. For example, the event category determines if events will
have an offense automatically created, real-time flow analysis, rate analysis, and
the default correlation tests performed. This document provides information on
event correlation including:

About Event Category Correlation

Recon
DoS
Authentication
Access
Exploit
Malware
Suspicious Activity
System
Policy
CRE
Potential Exploit
SIM Audit
VIS Host Discovery
Application

An Event Processor processes events collected from one or more Event
Collectors. Once events are received, the Event Processor correlates the
information from STRM and distributes it to the appropriate Correlation Group
for processing.
The Correlation Groups perform tests on the events to determine factors such as
vulnerability data, relevance of the targets, importance, or credibility of the events.
The results of the Correlation Group tests appear as annotations in the Offense
Manager and Event Viewer. Also, custom rules are applied to additional events for
specific incident recognition. Once complete, the Event Processor stores the event