Correlation Rules
Surface well-known, well-defined abnormal behaviour and events with fact-based correlation rules.
Correlation rules automatically correlate an event to a specific result. If an event meets the conditions you specify, the rule triggers and takes a certain action. With this if-then logic, you can monitor known anomalies, detect signature-based threats, and identify compliance violations.
To navigate to correlation rules, in Threat Detection Management, click the Correlation Rules tab.
To create a correlation rule, you define the events that trigger your rule, specify conditions, then designate outcomes. After you create correlation rules, you can manage them—edit, enable or disable, delete, clone, filter, search for, and sort them.
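The three parts of a rule described above (trigger events, conditions, outcome) can be modelled in a few lines. This is an added illustration, not the product's rule syntax or code; the `CorrelationRule` fields, the `evaluate` function, the event field names, and the sample events are all assumptions constructed for the example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Callable

@dataclass
class CorrelationRule:            # hypothetical structure, not a product schema
    name: str
    trigger: Callable[[dict], bool]  # which events the rule looks at
    group_by: str                    # condition: count events per value of this field
    threshold: int                   # condition: at least this many events...
    window: int                      # ...within this many seconds
    outcome: str                     # action designated for when the rule triggers
    enabled: bool = True

def evaluate(rule, events):
    """Return one outcome record each time the rule's condition is met."""
    if not rule.enabled:
        return []
    recent = defaultdict(deque)      # per-group timestamps still inside the window
    fired = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if not rule.trigger(ev):
            continue
        q = recent[ev[rule.group_by]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > rule.window:   # drop events older than the window
            q.popleft()
        if len(q) >= rule.threshold:
            fired.append({"rule": rule.name, "outcome": rule.outcome,
                          rule.group_by: ev[rule.group_by], "ts": ev["ts"]})
            q.clear()                # re-arm so one burst yields one outcome
    return fired

# Constructed sample events (timestamps in seconds).
EVENTS = [
    {"ts": 0,   "type": "login_failed",  "user": "alice"},
    {"ts": 20,  "type": "login_failed",  "user": "alice"},
    {"ts": 25,  "type": "login_failed",  "user": "bob"},
    {"ts": 40,  "type": "login_success", "user": "alice"},
    {"ts": 50,  "type": "login_failed",  "user": "alice"},
    {"ts": 400, "type": "login_failed",  "user": "bob"},
    {"ts": 410, "type": "login_failed",  "user": "bob"},
]

# If a user has 3 failed logins within 60 seconds, then create an alert.
RULE = CorrelationRule("repeated-failed-logins",
                       lambda e: e["type"] == "login_failed",
                       group_by="user", threshold=3, window=60,
                       outcome="create_alert")

if __name__ == "__main__":
    for hit in evaluate(RULE, EVENTS):
        print(hit)
```

Only alice's burst meets the condition; bob's three failures are spread too far apart to fall inside one window, which is the kind of boundary worth testing before enabling a threshold rule.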