Monitor > Automated Correlation Engine
The automated correlation engine tracks patterns on your network and correlates events that indicate an escalation in suspicious behavior or events that amount to malicious activity. The engine functions as your personal security analyst who scrutinizes isolated events across the different sets of logs on the firewall, queries the data for specific patterns, and connects the dots so that you have actionable information.
The correlation engine uses correlation objects that generate correlated events. Correlated events collate evidence to help you trace commonality across seemingly unrelated network events and provide the focus for incident response.
The following models support the automated correlation engine:
- Panorama—M-Series appliances and virtual appliances
- PA-3000 Series firewalls
- PA-5000 Series firewalls
- PA-5200 Series firewalls
- PA-7000 Series firewalls
What do you want to know?
What are correlation objects?
What is a correlated event?
Where do I see the match evidence for a correlation match?
How can I see a graphical view of correlation matches?
See the Compromised Hosts widget in ACC.
Looking for more?
Use the Automated Correlation Engine
Use the Automated Correlation Engine The automated correlation engine is an analytics tool that uses the logs on the firewall to detect actionable events on ...
Automated Correlation Engine Concepts
Automated Correlation Engine Concepts The automated correlation engine uses correlation objects to analyze the logs for patterns and when a match occurs, it generates a ...
Monitor > Automated Correlation Engine > Correlated Events
Monitor > Automated Correlation Engine > Correlated Events Correlated events expand the threat detection capabilities on the firewall and Panorama; the correlated events gather evidence ...
Interpret Correlated Events
Interpret Correlated Events You can view and analyze the logs generated for each correlated event in the Monitor Automated Correlation Engine Correlated Events tab. Correlated ...
Use the Compromised Hosts Widget in the ACC
Use the Compromised Hosts Widget in the ACC The compromised hosts widget on ACC Threat Activity , aggregates the Correlated Events and sorts them by ...
Monitor > Automated Correlation Engine > Correlation Object...
Monitor > Automated Correlation Engine > Correlation Objects To counter the advances in exploits and malware distribution methods, correlation objects extend the signature-based malware detection ...
View the Correlated Objects
View the Correlated Objects You can view the correlation objects that are currently available on the firewall. Select Monitor Automated Correlation Engine Correlation Objects . ...
Ingest Traps ESM Logs on Panorama
Ingest Traps ESM Logs on Panorama Visibility is a critical first step in preventing and reducing the impact of an attack. To help you meet ...
Traps Log Ingestion on Panorama
Traps Log Ingestion on Panorama Panorama can now serve as a Syslog receiver that can ingest logs from the Traps ESM components using Syslog over ...