An iRecorder is a special type of iSponsor that sends unsolicited data, such as events, to an event management system such as eTrust Audit. Like a recorder, you deploy the iRecorder on or near the system that reports events in order to harvest them easily. Unlike recorders, iRecorders can receive events from physical devices, applications, databases, or operating systems. Sources and systems are usually located on the same host.
After it harvests events from the source, the iRecorder assigns an event classification (taxonomy) to events from similar sources, and maps information in the events as field-value pairs to a normalized data model. A common taxonomy and data model permit correlation from different sources.
The field-value pairs are packed in an XML string and sent to the iRouter. The iRouter converts the XML string into SAPI events and sends them to the local router. Events are processed and forwarded to the Action Manager and then to the Security Monitor or collector, according to the corresponding policy rules installed on the iRouter host.
The iRecorders contain a set of predefined policies to be imported in the eTrust Audit Policy Manager as part of the default policies. For more information, see the eTrust Audit Management Guide.
Copyright © 2012 CA.
All rights reserved.
|
|