Correlated events expand the threat detection capabilities
on the firewall and Panorama; the correlated events gather evidence
of suspicious or unusual behavior of users or hosts on the network.
The correlation object makes it possible to pivot on certain
conditions or behaviors and trace commonalities across multiple
log sources. When the set of conditions specified in a correlation
object are observed on the network, each match is logged as a correlated
The correlated event includes the details listed in the following
The time the correlation object triggered
The timestamp when the match was last updated.
The name of the correlation object that
triggered the match.
The IP address of the user from whom the
The user and user group information from
the directory server, if User-ID™ is enabled.
A rating that classifies the risk based
on the extent of damage caused.
A description that summarizes
the evidence gathered on the correlated event.
The Host ID of the device.
a device to the quarantine list (
), click the
down arrow next to the device’s
in the pop-up window
To view the detailed log view, click Details (
an entry. The detailed log view includes all the evidence for a