The second step to normalizing event information in CEG is to determine the category the expressed event information best fits. By providing a field for categorizing the expressed event information the CEG supports cross-product reporting for broad categories of events. The CEG field used for this step in normalization is event_category field. It also provides an easy reference point for setting filters to show specific information for compliance reporting.
Some examples of event_category are:
For example, all failed and successful logins are recorded with the same value, System Access, in the field event_category.
Copyright © 2013 CA.
All rights reserved.
|
|