The Correlation Unit performs all but the following actions:
A. Marks logs that individually are not events, but may be part of a larger pattern to be identified later.
B. Generates an event based on the Event policy.
C. Assigns a severity level to the event.
D. Takes a new log entry that is part of a group of items that together make up an event, and adds it to an ongoing event.
The correct is B
SmartEvent Correlation Unit
The SmartEvent Correlation Unit analyzes the log entries and identifies events from them. During analysis, the SmartEvent Correlation Unit does one of these actions:
Marks log entries that are not stand-alone events, but can be part of a larger pattern to be identified later.
Takes a log entry that meets one of the criteria set in the Events Policy, and generates an event.
Takes a new log entry that is part of a group of items. Together, all these items make up a security event. The SmartEvent Correlation Unit adds it to an ongoing event.
Discards log entries that do not meet event criteria.
Why B? C is correct.
Your own quote:
A – Marks log entries that are not stand-alone events, but can be part of a larger pattern to be identified later.
B – Takes a log entry that meets one of the criteria set in the Events Policy, and generates an event.
D – Takes a new log entry that is part of a group of items. Together, all these items make up a security event. The SmartEvent Correlation Unit adds it to an ongoing event.
Discards log entries that do not meet event criteria.
C is not mentioned here, because it is done by SmartEvent Server, not Correlation Unit.
yes, my mistake. C is correct