The automated correlation engine is an analytics tool
that uses the logs on the firewall to detect actionable events on
your network. The engine correlates a series of related threat events
that, when combined, indicate a likely compromised host on your
network or some other higher level conclusion. It pinpoints areas
of risk, such as compromised hosts on the network, allows you to assess
the risk and take action to prevent exploitation of network resources.
The automated correlation engine uses correlation objects to
analyze the logs for patterns and when a match occurs, it generates
a correlated event.
The following models support the automated correlation engine:
Panorama—M-Series appliances and virtual appliances