Which component receives events and assigns severity levels to the events; invokes any defined
automatic reactions, and adds the events to the Events Data Base?
A.
SmartEvent Correlation Unit
B.
SmartEvent Server
C.
SmartEvent Analysis DataServer
D.
SmartEvent Client
B
0
0
Answer B
https://sc1.checkpoint.com/documents/R77/CP_R77_SmartEvent_WebAdminGuide/17393.htm
The SmartEvent Architecture
SmartEvent has several components that work together to help track down security threats and make your network more secure:
* SmartEvent Correlation Unit, which analyzes log entries on Log servers
* SmartEvent Server, which contains the Events Database
* SmartEvent client, which manages SmartEvent
They work together in the following manner:
* The SmartEvent Correlation Unit analyzes each log entry as it enters a Log Server, looking for patterns according to the installed Event Policy. The logs contain data from both Check Point products and certain third-party devices. When a threat pattern is identified, the SmartEvent Correlation Unit forwards what is known as an event to the SmartEvent Server.
* When the SmartEvent Server receives events from a SmartEvent Correlation Unit, it assigns a severity level to the event, invokes any defined automatic reactions, and adds the event to the Events Database, which resides on the server. The severity level and automatic reaction are based on the Events Policy.
* The SmartEvent client displays the received events, and is the place to manage events (such as filtering and closing events) and fine-tune and install the Events Policy.
0
0
B. SmartEvent Server
I agree with florentjustin.
0
0