What is event correlation?
Event correlation is a method that uses patterns to find relationships between events from different sources, such as applications, devices, and operating systems. It enables you to take remediation action when correlation rules detect a pattern that threatens security.
In an ideal world, event correlation screens events from your entire infrastructure to automatically identify problems and help you uncover their root cause.
- In the world of NXLog
The right event correlation tool can help you monitor your infrastructure more effectively to improve uptime, performance, and security. SIEMs are often configured to correlate events. However, performing event correlation at the log forwarder level can be more practical.
Forwarder-level event correlation allows you to minimize the data you send to your SIEM, for example, by grouping events, thus reducing network traffic and costs. Additionally, you can enrich events with vital information at the source. Doing so ensures that each event contains all necessary data otherwise spread across multiple events from different sources.
Although NXLog is not a SIEM, the pm_evcorr module and the NXLog language provide the tools you need to implement event correlation and trigger immediate actions at the log forwarder level.
- Known as
log event correlation, event correlation, log data correlation