The event categories and classes include threats, security risks, content filtering,
network security, spam, and systems management. The range of events varies
depending on the Symantec applications that are installed and managed by the
Information Manager. The Information Manager provides you with an open,
standards-based foundation for managing security events from Symantec clients,
gateways, servers, and Web servers.
SSIM Agents collect events from Symantec security products and send the events
to the Symantec Security Information Manager, which uses a sophisticated set of
rules to filter, aggregate, and correlate the events into security incidents and
allows for full tracking and response. The Symantec Security Information Manager
allows you to manage and respond to incidents from threat and vulnerability
discovery through resolution.
The Symantec Incident Manager evaluates the impact of incidents on the
associated systems and assigns incident severities. A built-in Knowledge Base
provides information about the vulnerabilities that are associated with the incident.
The Knowledge Base also suggests tasks that you can assign to a help desk ticket
for resolution.
Symantec Security Information Manager is purchased and installed separately.
The appliance must be installed and working properly before you can configure
Symantec Mail Security to log events to the SSIM.
For more information, see the Symantec Security Information Manager
documentation.
Interpreting events in the Information Manager
SSIM provides extensive event management capabilities, such as common logging
of normalized event data for Information Manager-enabled security products like
Symantec Mail Security for SMTP. The event categories and classes include threats
(such as viruses), security risks (such as adware and spyware), content filtering
rule violations, network security, spam, and systems management.
For more information about interpreting events in the Information Manager and
about the event management capabilities of the Information Manager, see the
Symantec Security Information Manager documentation.
Symantec Mail Security for SMTP can send the following types of events to the
Information Manager:
■ Firewall events
■ Definition Update events
■ Message events
Integrating Symantec Mail Security with Symantec Security Information Manager