
Introduction to Correlation

A correlation rule is a pattern or template used to relate multiple logs and identify a security incident. A correlation rule can include more than one event, and it allows you to specify the ordering of the events, the time windows between events, and various conditions.

This service allows the user to correlate events based on data correlation rules that accommodate different needs, such as brute force attack prevention, abnormal user behaviour, virus attacks (and/or propagation), application misbehaviour, etc.
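The following sketch shows how the three elements of a correlation rule (ordering, time window, conditions) combine for the brute force case. It is an added example, not this product's rule syntax or engine; the event fields, the threshold of 3 failures and the 60-second window are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, user, source IP, action).
SAMPLE_EVENTS = [
    ("2024-05-01T10:00:00", "alice", "203.0.113.7", "login_failed"),
    ("2024-05-01T10:00:00", "carol", "203.0.113.9", "login_failed"),
    ("2024-05-01T10:00:05", "bob", "198.51.100.4", "login_failed"),
    ("2024-05-01T10:00:05", "carol", "203.0.113.9", "login_failed"),
    ("2024-05-01T10:00:10", "alice", "203.0.113.7", "login_failed"),
    ("2024-05-01T10:00:10", "carol", "203.0.113.9", "login_failed"),
    ("2024-05-01T10:00:15", "bob", "198.51.100.4", "login_success"),
    ("2024-05-01T10:00:20", "alice", "203.0.113.7", "login_failed"),
    ("2024-05-01T10:00:30", "alice", "203.0.113.7", "login_success"),
    ("2024-05-01T10:05:00", "carol", "203.0.113.9", "login_success"),
]

def correlate_bruteforce(events, threshold=3, window_seconds=60):
    """Alert when at least `threshold` failed logins for one (user, source)
    pair are followed by a successful login, all inside the time window."""
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(deque)  # (user, src) -> timestamps of recent failures
    alerts = []
    # Ordering condition: events must be evaluated in time order.
    for ts_raw, user, src, action in sorted(
            events, key=lambda e: datetime.fromisoformat(e[0])):
        ts = datetime.fromisoformat(ts_raw)
        recent = failures[(user, src)]
        # Time-window condition: forget failures older than the window.
        while recent and ts - recent[0] > window:
            recent.popleft()
        if action == "login_failed":
            recent.append(ts)
        elif action == "login_success":
            # Count condition: enough failures preceded this success.
            if len(recent) >= threshold:
                alerts.append({"user": user, "src": src,
                               "failures": len(recent),
                               "first_failure": recent[0].isoformat(),
                               "success_at": ts_raw})
            recent.clear()  # a success resets the sequence
    return alerts

if __name__ == "__main__":
    for alert in correlate_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

With the sample data only alice's sequence raises an alert: bob has a single failure, and carol's failures fall outside the window by the time her login succeeds.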

To see more information about correlation, please follow the links below:

Alerts Module

Data flow rules and filters

How to create new alerts

How to create a DTS Alert