Kaspersky Unified Monitoring and Analysis Platform

Step 3. Check if the triggered correlation rule matches the data of the alert events

April 8, 2024

ID 245829

At this step, you must view the information about the alert and make sure that the alert event data matches the triggered correlation rule.

Example

The name of the alert indicates that a critical registry hive was modified. The Related events section of the alert details displays the table of events related to the alert. The analyst sees that the table contains one event showing the path to the modified registry key, as well as the original and the new value of the key. Therefore, the correlation rule matches the event.
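The check described in this step, as an added example that is not KUMA code: a small validator that takes a correlation rule expressed as field conditions and the alert's related events, and reports whether any single event satisfies every condition (and, if not, which conditions are unmet). The rule format, operators, field names and sample events are assumptions constructed for illustration.

```python
# Added example (not KUMA code): verify that an alert's related events satisfy
# the conditions of the correlation rule that produced the alert.
# Rule format, field names and sample events are constructed for illustration.

# Constructed rule: fires when a value under a critical hive actually changes.
CRITICAL_HIVE_RULE = {
    "name": "Critical registry hive modified",
    "conditions": [
        ("DeviceAction", "eq", "RegistryValueSet"),
        ("RegistryKey", "startswith", "HKLM\\SYSTEM\\CurrentControlSet"),
        ("OldValue", "ne_field", "NewValue"),  # old and new value must differ
    ],
}

def condition_holds(cond, event):
    """Evaluate one (field, operator, expected) condition against one event."""
    field, op, expected = cond
    actual = event.get(field)
    if actual is None:          # a missing field never satisfies a condition
        return False
    if op == "eq":
        return actual == expected
    if op == "startswith":      # registry paths are case-insensitive
        return str(actual).upper().startswith(expected.upper())
    if op == "ne_field":        # compare against another field of the event
        other = event.get(expected)
        return other is not None and actual != other
    raise ValueError(f"unknown operator {op}")

def unmet_conditions(rule, event):
    """Conditions of the rule that this single event does NOT satisfy."""
    return [c for c in rule["conditions"] if not condition_holds(c, event)]

def alert_matches_rule(rule, events):
    """True if at least one related event satisfies all rule conditions."""
    return any(not unmet_conditions(rule, e) for e in events)

# Constructed related events, as the analyst would see them in the alert details.
MATCHING_EVENTS = [{
    "DeviceAction": "RegistryValueSet",
    "RegistryKey": r"HKLM\SYSTEM\CurrentControlSet\Services\ExampleSvc\ImagePath",
    "OldValue": r"C:\Windows\System32\examplesvc.exe",
    "NewValue": r"C:\Temp\examplesvc.exe",
}]
# Same event, but old and new values are identical: nothing really changed.
NONMATCHING_EVENTS = [dict(MATCHING_EVENTS[0], NewValue=MATCHING_EVENTS[0]["OldValue"])]

if __name__ == "__main__":
    print(alert_matches_rule(CRITICAL_HIVE_RULE, MATCHING_EVENTS))        # True
    print(unmet_conditions(CRITICAL_HIVE_RULE, NONMATCHING_EVENTS[0]))    # [('OldValue', 'ne_field', 'NewValue')]
```

An empty unmet list for some related event means the rule matches the event data; a non-empty list names exactly which rule condition the analyst should question before escalating.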
