Monitor > Automated Correlation Engine

The automated correlation engine tracks patterns on your network and correlates events that indicate an escalation in suspicious behavior or events that amount to malicious activity. The engine functions as your personal security analyst who scrutinizes isolated events across the different sets of logs on the firewall, queries the data for specific patterns, and connects the dots so that you have actionable information.
The correlation engine uses correlation objects that generate correlated events. Correlated events collate evidence to help you trace commonality across seemingly unrelated network events and provide the focus for incident response.
The following models support the automated correlation engine:
  • Panorama—M-Series appliances and virtual appliances
  • PA-3200 Series firewalls
  • PA-5200 Series firewalls
  • PA-7000 Series firewalls
What do you want to know?
What are correlation objects?
What is a correlated event?
Where do I see the match evidence for a correlation match?
How can I see a graphical view of correlation matches?
See the Compromised Hosts widget in ACC.
Looking for more?

Recommended For You