Terminology — Archive 1.0-beta1
- audit
- the process of evaluating logs within an environment (e.g., within an electronic system). The typical goal of an audit is to assess the overall status or identify any notable or problematic activity.
- category
- see event category
- event
- a single occurrence within an environment, usually involving an attempted state change. An event usually includes a notion of time, the occurrence, and any details that explicitly pertain to the event or environment that may help explain or understand the event’s causes or effects.
- event category
- groups events based upon one or more event categorization methodologies. Example methodologies include organization based upon what happened during the event, the involved parties, device types impacted, etc.
- event consumer
- any tool that consumes event records. May be used interchangeably with "log consumer".
- event field
- one characteristic of an event. Event fields are defined in the field dictionary portion of a CEE Profile and are used in event records. Examples of an event field include date, time, source IP, user identification, and host identification. An event field relates a name identifier with a single field value.
- event producer
- any tool that produces event records. May be used interchangeably with "log producer".
- event record
- a description of a single event. Generally, a record is an encoded collection of event fields that, together, describe the single event. Terms synonymous with event record include "audit record" and "log entry".
- field
- see event field
- log (n)
- a collection of event records. Terms such as "data log," "activity log," "audit log," "audit trail," "log file," and "event log" are often used to mean the same thing as log.
- log (v)
- the act of recording events into logs. Examples of logging include recording events as records in a text log file, or storing the data in binary files or databases.
- profile
- a description of events, including event fields, event categories, and tags, that are generated by a product or relate to a specific capability (e.g., authentication or configuration management, firewall, signature detection, routing).
- record (n)
- see event record
- record (v)
- the act of saving the details of an event; recording an event as an event record.
Page Last Updated: May 15, 2013