Working with Correlation Rules

Correlation Rules help you analyze correlations of multiple events from multiple sources by using the Cortex® XDR™ XQL-based engine to create scheduled rules.
Correlation Rules require a Cortex XDR Pro license. There may be future changes to the Correlation Rules offerings, which can impact your licensing agreements. You will receive notification before any changes are implemented.
Alerts can be triggered based on these Correlation Rules with a defined timeframe and a set schedule, including every X minutes, once a day, once a week, or a custom time.
Once you have configured your Correlation Rules, you can manage them in the Correlation Rules page, and view and analyze the alerts generated from them in the Alerts and Incidents pages. In addition, these Correlation Rules are factored into the number of incidents displayed on the Cortex XDR Dashboard.
