58
U
D
SING THE
EPLOYMENT
Editing Deployment
Editor Preferences
Step 1
Step 2
Step 3
Building Your
Event View
Step 1
Step 2
Step 3
E
DITOR
To edit the deployment editor preferences:
From the deployment editor main menu, select File > Edit Preferences.
The Deployment Editor Setting window appears.
Enter values for the following parameters:
Presence Poll Frequency - Specify how often, in milliseconds, that the
•
managed host monitors your deployment for updates, for example, a new or
updated managed host.
Zoom Increment - Specify the increment value when the zoom option is
•
selected. For example. 0.1 indicates 10%.
Close the window
The Deployment Editor appears.
The Event View allows you to create and manage the SIM components for your
deployment including:
Event Collector - Collects security events from various types of security
•
devices in your network. The Event Collector gathers events from local, remote,
and device sources. The Event Collector then normalizes the events and sends
the information to the Event Processor. The Event Collector also bundles all
virtually identical events to conserve system usage.
Event Processor - An Event Processor processes flows collected from one or
•
more Event Collector(s). The events are bundled once again to conserve
network usage. Once received, the Event Processor correlates the information
from STRM Log Management and distributes to the appropriate area,
depending on the type of event. The Event Processor also includes information
gathered by STRM Log Management to indicate any behavioral changes or
policy violations for that event. Rules are then applied to the events that allow
the Event Processor to process according to the configured rules.
To build your Event View, you must:
Add SIM components to your view. See
Connect the components. See
Forward normalized events. See
STRM Log Management Administration Guide
Adding
Components.
Connecting
Components.
Forwarding Normalized
Events.