According to out of the box SmartEvent policy, the blade that will automatically be correlated into events is IPS. IPS (Intrusion Prevention System) is a blade that detects and prevents network attacks by inspecting traffic and applying signatures and protections. SmartEvent correlates IPS logs into events based on predefined event definitions, such as IPS Attack, IPS Attack High Confidence, IPS Attack Critical Confidence, etc. The other blades are not automatically correlated into events by default, but they can be added to the SmartEvent policy manually. References: [SmartEvent Policy]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit