SmartEvent does NOT use which of the following procedures to identify events?
A. Matchin
g a log against each event definition
B. Create an event candidate
C. Matching a log against local exclusions
D. Matching a log against global exclusions
Explanation:
Events are detected by the SmartEvent Correlation Unit. The Correlation Unit task is to scan logs for criteria that match an Event Definition. SmartEvent uses these procedures to identify events:
Matching a Log Against Global Exclusions
Matching a Log Against Each Event Definition
Creating an Event Candidate
When a Candidate Becomes an Event
Reference: https://sc1.checkpoint.com/documents/R76/CP_R76_SmartEvent_AdminGuide/17401.htm