Symantec Security Information Manager 4.7 (STS) Set 2

DB2 Administrator ✘ Root Administrator ✘ System Administrator ✘ Domain Administrator ✔

10 ✘ 30 ✘ 60 ✘ unlimited ✔

Information Manager Event Viewer ✘ Archive Management Console tab ✘ Event Viewer API ✘ Incident Management Console tab ✔

Save it in Published Queries. ✘ Save it in Public Templates. ✘ Grant Read Query permission to the domain. ✘ Check the Shared option on the saved query. ✔

through the Lookup Tables pane of the Information Manager Console ✘ importing from HP OpenView through the OpenView Integration feature ✘ importing from a rule that is monitoring traffic on the network ✘ automatic population through a supported vulnerability scanner ✔

Rules can be created that escalate events to incidents, based on policies defined on each asset. ✘ The Rules Editor can create policies on each asset to determine what rules are executed when an eventoccurs. ✘ Rules can be configured on each asset that will launch a vulnerability scan when a specific type of eventoccurs. ✘ The Rules tab can be used on the console to automatically identify available ports on an asset. ✔

by running the NetScan user action on the asset ✘ by looking at the Services tab on the asset ✘ by viewing the Details tab for the asset ✘ by running the Host Information report on the asset ✔

configuration data of discovered devices ✘ vulnerabilities of discovered network devices ✘ patch levels installed on discovered devices ✘ the SANS risk level of each discovered device ✔

Symantec Security Information Manager ✘ DeepSight Global Intelligence Network ✘ Symantec Enterprise Security Manager ✘ Symantec Endpoint Protection ✔

Correlates events against the rule criteria, analyzes conclusions and creates impending incidents. ✘ Analyzes events against the rule criteria, correlates with existing conclusions and creates the impendingincident. ✘ Analyzes events against the rule criteria, creates conclusions and correlates conclusions into incidents. ✘ Applies individual rules to events, analyzes conclusions and correlates events into incidents. ✔