Kaspersky Unified Monitoring and Analysis Platform

Correlation rules

Correlation rule resources are used in correlator services to recognize specific sequences of processed events and to take certain actions after recognition, such as creating correlation events/alerts or interacting with an active list.

The available correlation rule settings depend on the selected type. Types of correlation rules:

  • standard—used to find correlations between several events. Resources of this kind can create correlation events.

    This resource kind is used to identify complex correlation patterns. For simpler patterns, use the other correlation rule kinds, which require fewer resources to operate.

  • simple—used to create correlation events if a certain event was found.
  • operational—used for operations with active lists. This resource kind cannot create correlation events.
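
The difference between the three kinds can be seen in a small conceptual model. This is an added illustration, not KUMA code or its rule format: the class names, event fields, rule names, threshold and window are all assumptions, and the events are constructed sample data.

```python
from collections import defaultdict
# Conceptual model: class names, event fields and thresholds are assumptions,
# not KUMA's rule format or API.

class SimpleRule:                      # one correlation event per matching event
    def __init__(self, name, match):
        self.name, self.match = name, match
    def process(self, ev, active):
        return {"rule": self.name, "base": [ev]} if self.match(ev, active) else None

class OperationalRule:                 # updates the active list only
    def __init__(self, match, key):
        self.match, self.key = match, key
    def process(self, ev, active):
        if self.match(ev, active):
            active.add(self.key(ev))   # implicit None: never a correlation event

class StandardRule:                    # `threshold` matches per key within `window` s
    def __init__(self, name, match, key, threshold, window):
        self.name, self.match, self.key = name, match, key
        self.threshold, self.window = threshold, window
        self.buckets = defaultdict(list)   # per-key state: the extra resource cost
    def process(self, ev, active):
        if not self.match(ev, active):
            return None
        k = self.key(ev)
        recent = [e for e in self.buckets[k] if ev["ts"] - e["ts"] <= self.window] + [ev]
        fired = len(recent) >= self.threshold
        self.buckets[k] = [] if fired else recent   # reset so one burst yields one event
        return {"rule": self.name, "base": recent} if fired else None

def correlate(events, rules):
    active, out = set(), []
    for ev in sorted(events, key=lambda e: e["ts"]):
        out += [r for r in (rule.process(ev, active) for rule in rules) if r]
    return out, active

# Constructed sample events (not real log data).
EVENTS = [{"ts": t, "type": ty, "src": s} for t, ty, s in [
    (0, "auth_fail", "10.0.0.5"), (20, "auth_fail", "10.0.0.5"),
    (40, "auth_fail", "10.0.0.5"), (50, "auth_ok", "10.0.0.5"),
    (300, "auth_fail", "10.0.0.9"), (400, "auth_ok", "10.0.0.7")]]

def demo():
    failed = lambda ev, _: ev["type"] == "auth_fail"
    src = lambda ev: ev["src"]
    return correlate(EVENTS, [
        OperationalRule(failed, src),
        StandardRule("repeated_failures", failed, src, threshold=3, window=60),
        SimpleRule("login_from_listed_source",
                   lambda ev, active: ev["type"] == "auth_ok" and ev["src"] in active)])
```

Calling `demo()` returns the correlation events and the final active list: the standard rule fires once on the three failures from one source, the simple rule fires on the later successful login from a listed source, and the operational rule contributes only list entries.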

In this section

Standard correlation rules

Simple correlation rules

Operational correlation rules