Correlation Rules

Surface well-known, well-defined abnormal behaviour and events with fact-based correlation rules.

Correlation Rules is the application on New-Scale Security Operations Platform that you use to create and manage correlation rules: rules that automatically correlate an event to a specific result.

Correlation Rules collects events from the Search store. When an event meets specific conditions, it triggers a correlation rule, which then takes a certain action. With the if-then logic of correlation rules, you can monitor known anomalies, detect signature-based threats, and identify compliance violations.

To create a correlation rule, you define the events that trigger your rule, specify conditions, then designate outcomes. If you don't designate any outcomes, an event is still automatically created every time the rule triggers. If you have a license that supports Threat Center, Threat Center may also automatically create an alert every time the rule triggers. After you create correlation rules, you can manage them: edit them, enable or disable them, delete them, and more.