Using correlation applications

This final section puts together various concepts discussed previously by explaining the practical application of the correlation elements introduced in Correlation server input and output and elaborated upon in Normalization of input data through Thread and trigger component.

BMC Defender Server has application within diverse business models. The program can operate as a security system, supporting regulatory compliance, but can also serve as an essential building block in a larger management strategy.

This section confines the discussion to BMC Defender Server's role as an enterprise correlation server. However, it is important to consider that this is only one of a multiplicity of possible application roles for BMC Defender Server.

This section also provides a further discussion of the various correlation components, specifically how to effectively use threads, alerts, actions, and tickets, to create a correlation strategy for an enterprise. As part of this discussion, this section suggests practical configuration policies for the system, as well as more theoretical discussions.

This section provides information about the following topics:

• Correlation server input and output
• Normalization of input data
• Creating custom facilities
• Input message filter policies
• Thread and trigger component
• Thread configuration policies
• Deriving new threads, triggers, and alerts
• Action program configuration
• Advanced correlation using actions
• Action program configuration policies
• Ticket component
• Ticket handling policies
• Tickets as final outputs