Released on 17 Oct 2017
The Correlation Engine has been completely upgraded to bring you complex attack detection across all devices on your network, enhanced field-level correlation, improved incident reports with timeline view, and much more:
- Multiple log format support: Correlation is now carried out across multiple log formats, enabling you to correlate logs from Windows and Unix systems, network devices, and more.
- Enhanced field-level correlation: Correlation can be done based on multiple log field values to provide fine-grained attack detection.
- Predefined rules: The module is packaged with 25 predefined complex attack patterns.
- Custom rule builder: The custom correlation rule builder has been upgraded to include over 250 predefined network actions and advanced filters.
  - Check for unique, constant, or shared field values among the actions that make up a rule.
  - Use multiple comparison conditions for fields, namely 'equals', 'not equal to', 'starts with', or 'ends with'.
  - Create rules for individual log types using specific network actions, or rules common to all log types with generic network actions.
- Incident management integration: All correlation alerts can be viewed and managed with the in-built incident management console.
- The correlation user interface has been upgraded with an all new look and feel, incorporating all the above new features.
- The time between each individual pair of actions can now be specified when creating a rule.
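As an added example (not code from the product or its vendor), the Python below sketches how a rule of the kind described above is evaluated: an ordered set of network actions, the four field comparison conditions, fields that must be shared by every action in the chain, and a maximum time between consecutive actions, run over constructed sample events. The event data, the rule layout and the function names are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (not product output), normalized so that Windows and Unix logons share one action vocabulary.
EVENTS = [
    {"ts": "2017-10-17T10:00:00", "action": "logon_failure", "user": "alice", "src": "10.0.0.5"},
    {"ts": "2017-10-17T10:00:20", "action": "logon_failure", "user": "alice", "src": "10.0.0.5"},
    {"ts": "2017-10-17T10:00:40", "action": "logon_failure", "user": "bob", "src": "10.0.0.9"},
    {"ts": "2017-10-17T10:01:05", "action": "logon_success", "user": "alice", "src": "10.0.0.5"},
    {"ts": "2017-10-17T10:01:30", "action": "privilege_escalation", "user": "alice", "src": "10.0.0.5"},
]
# The four field comparison conditions named in the release note.
OPS = {
    "equals": lambda v, x: v == x,
    "not equal to": lambda v, x: v != x,
    "starts with": lambda v, x: str(v).startswith(x),
    "ends with": lambda v, x: str(v).endswith(x),
}
# Hypothetical rule layout (assumed, not the product's format): ordered steps with optional field filters, shared fields, max gap.
RULE = {
    "steps": [
        {"action": "logon_failure"},
        {"action": "logon_failure"},
        {"action": "logon_success"},
        {"action": "privilege_escalation", "filters": [("src", "starts with", "10.0.")]},
    ],
    "shared": ["user", "src"],
    "max_gap": timedelta(minutes=5),
}

def matches(event, step):
    # True if the event is this step's action and passes every field filter on the step.
    return event["action"] == step["action"] and all(
        OPS[op](event.get(field), value) for field, op, value in step.get("filters", []))

def correlate(events, rule):
    """Return every chain of events that satisfies the rule's steps in order."""
    events, incidents = sorted(events, key=lambda e: e["ts"]), []

    def extend(chain, start):
        if len(chain) == len(rule["steps"]):
            incidents.append(chain)
            return
        step, last = rule["steps"][len(chain)], datetime.fromisoformat(chain[-1]["ts"])
        for j, e in enumerate(events[start:], start):
            if datetime.fromisoformat(e["ts"]) - last > rule["max_gap"]:
                break  # events are sorted, so nothing later can fit inside the gap
            if matches(e, step) and all(e.get(f) == chain[0].get(f) for f in rule["shared"]):
                extend(chain + [e], j + 1)

    for i, e in enumerate(events):
        if matches(e, rule["steps"][0]):
            extend([e], i + 1)
    return incidents
```

With the sample data, bob's failure falls inside the time window but is rejected by the shared-field check, so only alice's four-step chain is reported; shrinking `max_gap` to 30 seconds reports nothing.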