
Table Of Contents

Introducing SmartEvent
The SmartEvent Solution
Scalable, Distributed Architecture
Centralized Event Correlation
Easy Deployment
Real-Time Threat Analysis and Protection
Intelligent Event Management
Event Investigation Tracking
The SmartEvent Architecture
Data Analysis and Event Identification
Event Management
Interoperability with Security Management
SmartEvent Client
Basic Concepts and Terminology
Initial Configuration
Check Point Licenses
Initial Configuration of SmartEvent and SmartReporter Clients
Define the Internal Network for SmartEvent
Defining Correlation Units and Log Servers for SmartEvent
Creating a Consolidation Session for SmartReporter
Enabling Connectivity with Provider-1
Installing the Network Objects in the SmartEvent Database
Configuring SmartEvent to work with Provider-1
Incorporating Third-Party Devices
Syslog Devices
Windows Events
SNMP Traps
Analyzing Events
Event Queries
Predefined Queries
Custom Queries
Customizing Query Filters
Event Query Results
Event Log
Event Statistics Pane
Event Details
Presenting Event Data
Overview Tab
Reports Tab
Timeline Tab
Charts Tab
Maps Tab
Administrator Permission Profiles - Events and Reports
Investigating Events
Tracking Event Resolution using Tickets
Editing IPS Protection Details
Displaying an Event's Original Log Information
Using Custom Commands
Configuring Event Definitions
Tuning SmartEvent Using Learning Mode
Running Learning Mode
Working with Learning Mode Results
Modifying Event Definitions
Event Definitions and General Settings
Event Definition Parameters
Creating Event Definitions (User Defined Events)
High Level Overview of Event Identification
Creating a User-Defined Event
Eliminating False Positives
Services that Generate Events
Common Events by Service
Administrator Permissions Profile - Policy
System Administration
Modifying the System's General Settings
Adding Network and Host Objects
Defining Correlation Units and Log Servers
Defining the Internal Network
To define the Internal Network:
Offline Log Files
Configuring Custom Commands
Creating an External Script
Managing the Event Database
Backup and Restore of the Database
Adjusting the Database Size
SmartEvent High Availability Environment
How it works
Log Server High Availability
Correlation Unit High Availability
Third-Party Device Support
New Device Support
Parsing Log Files
Adding New Devices to Event Definitions
Syslog Parsing
Administrator Support for WinEventToCPLog
Published by: Angel Ivan Cazañas on Apr 01, 2011
Copyright: Attribution Non-commercial

