Welcome to the Aanval Wiki. Snort, Suricata and Syslog Intrusion Detection, Situational Awareness and Risk Management.

Visit http://www.aanval.com/ for more information.

Aanval:Event Correlation

What is Event Correlation and how does it work?

Event correlation is an intelligent grouping of events.

The Live Event Correlation display uses all details of an event to determine the percentage of relation the events have with one another.

Using Live Event Correlation

After selecting the icon for Live Event Correlation, a grouping of correlated events is displayed below the starred primary event, which Aanval has selected as the unique event from the current events.

Users can further filter the display by selecting a specific risk level (from the provided drop-down boxes) and a specific sensor. Users may additionally choose the number of events that will be correlated. The more events added to the correlation search, the more time it will take for the events to be correlated. Users may view each individual event by selecting the event details icon.
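The following is an added illustration, not Aanval's code: the page does not describe the product's scoring method, so this sketch assumes a simple field-by-field comparison to show how a percentage of relation to a primary event, the risk-level and sensor filters, and the event-count limit fit together. The field names, the `Event` class and the sample events are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    # Hypothetical event fields; Aanval's real schema is not shown on the page.
    sensor: str
    risk: str
    signature: str
    src_ip: str
    dst_ip: str
    dst_port: int
    protocol: str

FIELDS = ("sensor", "risk", "signature", "src_ip", "dst_ip", "dst_port", "protocol")

def relation_percent(primary, other):
    """Percentage of compared fields on which two events agree (assumed metric)."""
    same = sum(getattr(primary, f) == getattr(other, f) for f in FIELDS)
    return round(100 * same / len(FIELDS))

def correlate(primary, events, risk=None, sensor=None, limit=100):
    """Score up to `limit` events against the primary, highest relation first."""
    pool = [e for e in events
            if e is not primary
            and (risk is None or e.risk == risk)
            and (sensor is None or e.sensor == sensor)]
    pool = pool[:limit]  # every extra event is one more comparison, hence more time
    scored = [(relation_percent(primary, e), e) for e in pool]
    return sorted(scored, key=lambda pair: pair[0], reverse=True)

# Constructed sample events (documentation address ranges); SAMPLE[0] is the primary.
SAMPLE = [
    Event("edge-1", "high", "SSH login failure burst", "198.51.100.7", "192.0.2.10", 22, "tcp"),
    Event("edge-1", "high", "SSH login failure burst", "198.51.100.7", "192.0.2.11", 22, "tcp"),
    Event("edge-2", "medium", "SSH login failure burst", "198.51.100.7", "192.0.2.10", 22, "tcp"),
    Event("edge-1", "low", "DNS query for unusual TLD", "192.0.2.44", "192.0.2.53", 53, "udp"),
]

if __name__ == "__main__":
    for percent, event in correlate(SAMPLE[0], SAMPLE):
        print(f"{percent:3d}%  {event.sensor:7s} {event.risk:7s} {event.signature}")
```
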
