|
|
|
The fourth type of event is the distributed observed event. This type of event involves four entities where the agent is installed remotely from the event source. A second configuration would have the agent picking the event up from a fifth entity called the Event Repository action where the event source passes the event to this repository and the agent picks up the events from the repository.
An example of this type of event is a Network IDS using distributed sensors and a central management console (ISS). The remote sensors observe interactions between network entities and forward events to the central management console. An agent installed on a fourth host will pickup these events and process them using ODBC or OPSEC protocols.
|
Source |
Destination |
Event Source |
Agent |
|---|---|---|---|
|
Host A |
Host B |
Host C |
Host D |
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |