SmartEvent does NOT use which of the following procedures to identify events?

A. Matchin

g a log against each event definition

B. Create an event candidate

C. Matching a log against local exclusions

D. Matching a log against global exclusions

Explanation:

Events are detected by the SmartEvent Correlation Unit. The Correlation Unit task is to scan logs for criteria that match an Event Definition. SmartEvent uses these procedures to identify events:

Matching a Log Against Global Exclusions

Matching a Log Against Each Event Definition

Creating an Event Candidate

When a Candidate Becomes an Event

Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SmartEvent_AdminGuide/17401.htm