Correlation Scenarios¶
Correlation is a technique of analyzing data from different sources to identify a pattern of events. It is used to detect any anomalies in your IT environment. You will gain better visibility and start becoming proactive in case of an issue.
Log correlation is a crucial part of log monitoring. When the logs are collected and stored, the correlation service engine performs analysis to detect specific events. Log correlation is a key log analysis that helps admins detect problems.
Functional overview¶
We set the metrics with the count of specific log events type or with any other sources thanks to the Query Builder module. In other words, a metric attribute will reflect a specific events pattern situation. And then you can define a scenario with Boolean correlation rules on these metrics attributes. You can use real time value or trend metrics. Then this scenario, when it is matched, will be used to trigger any remediation activity thanks to the Automation Guide module.
Scenario rules list:
Controls description:
