Correlation

EventTracker’s correlation engine applies rules to inbound events to detect patterns of behavior across multiple log sources in real time. Because evidence of a security threat or IT problem exists in the audit logs of multiple systems and devices, those logs must be processed and analyzed in relation to each other. EventTracker’s correlation engine detects and alerts on statistical anomalies and unusual behavioral patterns for users, systems, network traffic, applications and more.

EventTracker provides “out-of-box” correlation rules to detect the most common and critical security conditions in real time, along with the ability to create custom correlation rules and actions. Support is provided for heuristic, vector, threshold, comparison and redirecting correlation scenarios, and for both statistical and behavioral correlation.