Request trial
Request Trial

NXLog Docs

event correlation

What is event correlation?

Description

Event correlation is a method that uses patterns to find relationships between events from different sources, such as applications, devices, and operating systems. It enables you to take remediation action when correlation rules detect a pattern that threatens security.

In an ideal world, event correlation screens events from your entire infrastructure to automatically identify problems and help you uncover their root cause.

In the world of NXLog

The right event correlation tool can help you monitor your infrastructure more effectively to improve uptime, performance, and security. SIEMs are often configured to correlate events. However, performing event correlation at the log forwarder level can be more practical.

Forwarder-level event correlation allows you to minimize the data you send to your SIEM, for example, by grouping events, thus reducing network traffic and costs. Additionally, you can enrich events with vital information at the source. Doing so ensures that each event contains all necessary data otherwise spread across multiple events from different sources.

Although NXLog is not a SIEM, the pm_evcorr module and the NXLog language provide the tools you need to implement event correlation and trigger immediate actions at the log forwarder level.

Known as

log event correlation, event correlation, log data correlation

Related

Event correlation
Event Correlator (pm_evcorr)

A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   R   S   T   U   V   W   X   Z

A

agent

agent-based log collection

agentless log collection

audit log

B

bandwidth

C

CEF (Common Event Format)

CSV (Comma-separated Values)

D

data source

DNS logging

E

endpoint security

EPS (Events Per Second)

ETW (Event Tracing for Windows)

event correlation

F

failover

G

GELF (Graylog Extended Log Format)

H

High Availability (HA)

I

ICMP (Internet Control Message Protocol)

IDS (Intrusion Detection System)

J

JSON (JavaScript Object Notation)

K

kernel log

KVP (Key-Value Pair)

L

LEEF (Log Event Extended Format)

log centralization

log normalization

log parsing

M

MSSP (Managed Security Service Provider)

multi-line logs

N

NetFlow

O

open source

P

pattern

PCI-DSS (Payment Card Industry Data Security Standard)

protocol

R

Raijin database

Remote Access Server Role

S

SCCM (System Center Configuration Manager)

SEM (Security Event Management)

SIM (Security Information Management)

SIEM (Security Information and Event Management)

SNMP (Simple Network Management Protocol)

SOC (Security Operations Center)

structured logging

syslog

T

TCP (Transmission Control Protocol)

TLS (Transport Layer Security)/SSL (Secure Sockets Layer)

U

UEBA (User and Entity Behavior Analytics)

UDP (User Datagram Protocol)

V

vendor-agnostic

W

W3C Extended Log File Format

WEC (Windows Event Collector)

WEF (Windows Event Forwarding)

Windows Event ID

WMI (Windows Management Instrumentation)

X

XPath

Z

ZeroMQ

Subscribe to our newsletter to get the latest updates, news, and products releases.

© Copyright 2024 NXLog Ltd.

PRIVACY POLICY GENERAL TERMS OF BUSINESS