What is the difference between an event and a log?

Enhance your skills with the Check Point Certified Security Exam. Study with multiple choice questions, in-depth explanations, and practice tests to prepare for your certification. Boost your confidence for success!

The distinction between an event and a log can be understood through their functional roles in network security management. A log entry represents a recorded instance of activity, be it a connection attempt, a system change, or a security incident. Logs serve as a complete historical record of activity as it occurs; they are fundamental for auditing and forensics.

In contrast, an event is derived from these log entries. Specifically, an event arises when a log matches specific criteria established in an Event Policy. This means the event is a more focused and actionable representation of occurrences captured within the logs, indicating something that merits attention or a response based on the policies set.

Thus, while all events originate from log entries, not every log will translate into an event. This transformation allows security analysts to filter and prioritize information, ensuring that they are alerted to significant occurrences while managing the vast amount of data logged in a system.
