Correlation rules

Correlation rule resources are used in services of correlators to recognize specific sequences of processed events and to take certain actions after recognition, such as creating correlation events/alerts or interacting with an active list.

The available correlation rule settings depend on the selected type. Types of correlation rules:

• standard—used to find correlations between several events. Resources of this kind can create correlation events.

  This resource kind is used to determine complex correlation patterns. For simpler patterns you should use other correlation rule kinds that require less resources to operate.

• simple—used to create correlation events if a certain event was found.
• operational—used for operations with Active lists. This resource kind cannot create correlation events.

In this section Standard correlation rules Simple correlation rules Operational correlation rules

Page top