The first step to normalizing event information in the CEG is to provide a field for normalization of the technology expressing the event. This normalization of the technology class allows for quick and easy reference to all events which were expressed by a specific class of technology irrespective of the application vendor. The CEG field used for normalization of the technology class is the ideal_model field. This field describes the class of technology that expressed the event. Some examples of ideal_model include:
For example, Check Point, Cisco and Netscreen/Juniper all produce specific products that are normalized with a value of Firewall in the field ideal_model.
Copyright © 2013 CA.
All rights reserved.
|
|