Correlations Rules help you analyze correlations of multi-events
from multiple sources by using the Cortex® XDR™ XQL-based engine
for creating scheduled rules.
Correlations Rules requires a Cortex XDR Pro license.
There may be future changes to the Correlation Rules offerings,
which can impact your licensing agreements. You will receive notification
ahead of time before any changes are implemented.
Correlations Rules help you analyze correlations
of multi-events from multiple sources by using the Cortex XDR XQL-based
engine for creating scheduled rules called Correlations Rules. Alerts
can then be triggered based on these Correlations Rules with a defined
timeframe and set schedule, including every X minutes, once a day,
once a week, or a custom time.
Once you have configured your Correlation Rules, you can manage
the Correlation Rules in the
view and analyze the alerts generated from the Correlation Rules
In addition, these Correlation Rules are factored into the number
of incidents displayed on the Cortex XDR Dashboard.