End-of-Life (EoL)
The automated correlation engine tracks patterns on your network and correlates events that indicate an escalation in suspicious behavior or events that amount to malicious activity. The engine functions as your personal security analyst who scrutinizes isolated events across the different sets of logs on the firewall, queries the data for specific patterns, and connects the dots so that you have actionable information.
The correlation engine uses correlation objects that generate correlated events. Correlated events collate evidence to help you trace commonality across seemingly unrelated network events and provide the focus for incident response.
The automated correlation engine is supported on the following platforms only:
Panorama—M-Series and the virtual appliance PA-3000 Series firewalls PA-5000 Series firewalls PA-7000 Series firewalls
The following table provides additional information about the automated correlation engine.
What do you want to know? See:
What are correlation objects? Monitor > Automated Correlation Engine > Correlation Objects
What is a correlated event? Monitor > Automated Correlation Engine > Correlated Events
Where do I see the match evidence for a correlation match?
How can I see a graphical view of correlation matches? See the Compromised Hosts widget in ACC.
Looking for more? Use the Automated Correlation Engine

Recommended For You