What is the difference between an event and a log?

Prepare for the Check Point Certified Security Expert R80 exam. Enhance your skills with flashcards and multiple choice questions, featuring in-depth explanations and hints. Excel in your certification!

The distinction between an event and a log is rooted in how each is generated and processed within security systems. A log entry can be thought of as a record of a specific occurrence that is captured by the system, detailing actions or activities that have taken place, such as traffic passing through a firewall or changes made to configurations. These logs are maintained for audit trails and are essential for troubleshooting.

An event, on the other hand, is a more refined concept. It arises when a log entry aligns with specific criteria or rules defined within an Event Policy. In essence, events are the aggregated or analyzed results of first-level log entries; they highlight significant occurrences that warrant attention, such as security threats or breaches, which have been categorized according to predefined responses and action criteria.

This layered processing enables security teams to focus on critical incidents rather than sifting through raw log data, which may contain vast amounts of information that are not immediately relevant or actionable. Because events are derived from log entries, they are the more meaningful, processed form and reflect actionable security information.
