The third step in normalizing event information in the CEG is to determine the class of the expressed event information. The event_class field represents a further breakdown of events within a specific event category. This additional layer of classification lets security events be grouped further to represent specific interest and technology areas.
The event_class field holds a classification of events within a specific category, associating an event category with an event class. For example, Account Creation is associated with the Identity Management category and the Account Management class.
Examples of event classes under the Identity Management event category are:
Copyright © 2013 CA.
All rights reserved.