Event severity is the last CEG field used for normalization. Event severity is interpretation of the seriousness of an event applies to all types of events. The event_severity field contains a severity level value ranging from 0 to 7 with clearly defined descriptions.
Event severity provides a reference point for comparing the internal relativity of a security event in terms of its threat and implication to system security, stability, availability and integrity. As a field, event_severity is not always mapped to result_severity but conveys similar message.
As it applies to the CEG, the purpose of the event_severity fields is to map the value of the result_severity field assigned by different vendors in their security logs to a common denominator.
Copyright © 2013 CA.
All rights reserved.
|
|