Let's Talk

Event correlation

Description: A method that uses patterns to find relationships between events from different sources, such as applications, devices, and operating systems. It allows you to take remedial action when correlation rules identify a pattern that poses a security threat.

Most SIEMs are capable of correlating events. However, performing event correlation at the log collection level can be more practical, as it minimizes the data sent to your SIEM, thereby reducing log noise, network traffic, and costs. NXLog Agent can correlate events using the Event Correlator processor module. Along with the NXLog language, it provides the tools you need to correlate events at the log collection stage.
Also known as: log event correlation, log data correlation
See also: Correlate events with NXLog Agent

A

Agent-based log collection

Agentless log collection

Agent management

Automatic enrollment

B

C

CEF (Common Event Format)

CSV (Comma-separated Values)

Customer portal

D

DNS (Domain Name System)

E

Endpoint security

EPS (Events Per Second)

ETW (Event Tracing for Windows)

Event correlation

F

G

GELF (Graylog Extended Log Format)

I

ICMP (Internet Control Message Protocol)

IDS (Intrusion Detection System)

J

JSON (JavaScript Object Notation)

K

KVP (Key-Value Pair)

L

LEEF (Log Event Extended Format)

Log centralization

Log normalization

M

Multi-line logs

N

O

P

PCI-DSS (Payment Card Industry Data Security Standard)

R

S

SIEM (Security Information and Event Management)

SNMP (Simple Network Management Protocol)

Structured logging

T

TCP (Transmission Control Protocol)

TLS (Transport Layer Security)

U

UDP (User Datagram Protocol)

W

W3C Extended Log File Format

WEC (Windows Event Collector)

WEF (Windows Event Forwarding)

Windows event ID

WMI (Windows Management Instrumentation)

X