Symantec 10744983 Administration Guide - Page 222
Interpreting events in the Information Manager, Symantec Security Information Manager documentation.
UPC - 037648279321
View all Symantec 10744983 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 222 highlights
222 Integrating Symantec Mail Security with Symantec Security Information Manager Interpreting events in the Information Manager Information Manager. The Information Manager provides you with an open, standards-based foundation for managing security events from Symantec clients, gateways, servers, and Web servers. SSIM Agents collect events from Symantec security products and send the events to the Symantec Security Information Manger which uses a sophisticated set of rules to filter, aggregate, and correlate the events into security incidents and allows for full tracking and response. The Symantec Security Information Manager allows you to manage and respond to incidents from threat and vulnerability from discovery through resolution. The Symantec Incident Manager evaluates the impact of incidents on the associated systems and assigns incident severities. A built-in Knowledge Base provides information about the vulnerabilities that are associated with the incident. The Knowledge Base also suggests tasks that you can assign to a help desk ticket for resolution. Symantec Security Information Manager is purchased and installed separately. The appliance must be installed and working properly before you can configure Symantec Mail Security to log events to the SSIM. For more information, see the Symantec Security Information Manager documentation. Interpreting events in the Information Manager SSIM provides extensive event management capabilities, such as common logging of normalized event data for Information Manager-enabled security products like Symantec Mail Security for SMTP. The event categories and classes include threats (such as viruses), security risks (such as adware and spyware), content filtering rule violations, network security, spam, and systems management. For more information about interpreting events in the Information Manager and on the event management capabilities of the Information Manager, see the Symantec Security Information Manager documentation. Symantec Mail Security for SMTP can send the following types of events to the Information Manager: ■ Firewall events ■ Definition Update events ■ Message events ■ Administration events