Limited support

BMC provides limited support for this version of the product. As a result, BMC no longer accepts comments in this space. If you encounter problems with the product version or the space, contact BMC Support.

BMC recommends upgrading to the latest version of the product. To see documentation for that version, see BMC AMI Command Center for Security 6.2.

Key concepts


This section provides information about:

  • Advanced correlation features of the BMC Defender Server (the general name for BMC AMI Command Center for Security and BMC Defender SIEM Correlation Server)
  • Specific features and capabilities of the program related to the higher correlation functions of the system, including operating theory and application notes
  • Certain features of the system that are intended for advanced users and not documented elsewhere

The BMC Defender Server is easy to get started with and its basic correlation functions (see Basic correlation components) might be sufficient for most enterprises. However, the BMC Defender Server has a number of highly sophisticated features that permit it to perform advanced correlation of messages and data. These are explained in detail in this section, including quick reference tables at the end of this section that document basic correlation rules.

The information contained in this section provides a philosophical basis and description of operation. Subsequent sections address the actual application of BMC Defender Server, including a technical description of how to compose and use correlation match patterns, triggers, macros and alerts.

BMC recommends that you log on to the BMC Defender Server system and test the various examples illustrated in this section. This provides useful practice in configuring the system and reinforces the concepts stated in this section and the detailed information in the sections that follow.

Note

For information about each of these applications, such as how to navigate BMC Defender Server and the program's objectives, see Using.

This section provides information about the following topics:

 
