the Automated Correlation Engine
The automated correlation engine is an analytics tool that uses the logs on the firewall to detect actionable events on your network. The engine correlates a series of related threat events that, when combined, indicate a likely compromised host on your network or some other higher-level conclusion. It pinpoints areas of risk, such as compromised hosts on the network, and allows you to assess the risk and take action to prevent exploitation of network resources. The automated correlation engine uses correlation objects to analyze the logs for patterns and when a match occurs, it generates a
The following models support the automated correlation engine:
- Panorama—M-Series appliances and virtual appliances
- PA-7000 Series firewalls
- PA-5200 Series firewalls
- PA-5000 Series firewalls
- PA-3000 Series firewalls
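
The pattern-and-threshold matching that correlation objects perform, as described above, can be sketched in a few lines. This is an added example, not Palo Alto Networks code or the firewall's actual correlation logic; the correlation object, event type names, time window and log records are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical correlation object (constructed names and thresholds): each
# pattern must reach its count for one host inside a single time window.
CORRELATION_OBJECT = {
    "name": "constructed-compromise-pattern",
    "window": timedelta(hours=1),
    "patterns": {"malware-url-visit": 1, "dns-malicious-domain": 2, "c2-traffic": 1},
}

# Constructed sample log records: (timestamp, source host, event type).
SAMPLE_LOGS = [
    ("2024-05-01T10:00:00", "10.0.0.5", "malware-url-visit"),
    ("2024-05-01T10:05:00", "10.0.0.5", "dns-malicious-domain"),
    ("2024-05-01T10:06:00", "10.0.0.5", "dns-malicious-domain"),
    ("2024-05-01T10:20:00", "10.0.0.5", "c2-traffic"),
    ("2024-05-01T08:00:00", "10.0.0.9", "malware-url-visit"),
    ("2024-05-01T09:30:00", "10.0.0.9", "dns-malicious-domain"),
    ("2024-05-01T09:31:00", "10.0.0.9", "dns-malicious-domain"),
    ("2024-05-01T09:40:00", "10.0.0.9", "c2-traffic"),
    ("2024-05-01T11:00:00", "10.0.0.7", "dns-malicious-domain"),
]

def correlate(logs, obj):
    """Return one correlated event per host whose logs satisfy obj."""
    by_host = defaultdict(list)
    for ts, host, kind in logs:
        if kind in obj["patterns"]:
            by_host[host].append((datetime.fromisoformat(ts), kind))
    events = []
    for host, recs in sorted(by_host.items()):
        recs.sort()
        start, counts = 0, defaultdict(int)
        for end, (ts, kind) in enumerate(recs):
            counts[kind] += 1
            # Drop records that fell out of the window ending at this record.
            while ts - recs[start][0] > obj["window"]:
                counts[recs[start][1]] -= 1
                start += 1
            if all(counts[k] >= n for k, n in obj["patterns"].items()):
                evidence = [(t.isoformat(), k) for t, k in recs[start:end + 1]]
                events.append({"object": obj["name"], "host": host,
                               "match_time": ts.isoformat(), "evidence": evidence})
                break  # one correlated event per host is enough here
    return events

if __name__ == "__main__":
    for event in correlate(SAMPLE_LOGS, CORRELATION_OBJECT):
        print(event)
```

Only 10.0.0.5 produces a correlated event: 10.0.0.9 logs the same event types, but they never fall inside one window, and 10.0.0.7 never reaches the full pattern set.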
Monitor > Automated Correlation Engine
The automated correlation engine tracks patterns on your network and correlates events that indicate an escalation in suspicious behavior or ...
Automated Correlation Engine Concepts
The automated correlation engine uses correlation objects to analyze the logs for patterns and when a match occurs, it generates a ...
Monitor > Automated Correlation Engine > Correlated Events
Correlated events expand the threat detection capabilities on the firewall and Panorama; the correlated events gather evidence ...
Interpret Correlated Events
You can view and analyze the logs generated for each correlated event in the Monitor > Automated Correlation Engine > Correlated Events tab. Correlated ...
Use the Compromised Hosts Widget in the ACC
The compromised hosts widget on ACC > Threat Activity aggregates the Correlated Events and sorts them by ...
Correlated Events
A correlated event is logged when the patterns and thresholds defined in a correlation object match the traffic patterns on your network. To ...
View the Correlated Objects
You can view the correlation objects that are currently available on the firewall. Select Monitor > Automated Correlation Engine > Correlation Objects. ...
ACC Tabs
Network Activity—Displays an overview of traffic and user activity on your network. It focuses on the top applications being used, the top ...
API Log Retrieval Parameters
Specify the log type with additional optional parameters to retrieve logs from a firewall. Parameter Description log-type The type of logs ...